by Stephen Bryen
First, we heard that President Donald Trump gave up his Android-powered mobile phone and accepted a so-called secure phone provided by NSA. Now we hear that, in fact, he has kept his Android phone, but is only using it for sending tweets on Twitter. Otherwise, the phone just sits on his desk or on a nearby table.
Having an Android phone, or any other mobile phone including iPhone in the Oval office or on the person of the President is a terrible idea. Mr. Trump should ditch the phone as soon as possible. If he wants to tweet he can do it from a computer that does not have a camera or microphone and has as strong a firewall as available. It should be separately connected to the Internet and not in any way connected to any government system. This will give him some protection and protect the country better.
Mobile phones are notoriously insecure. Thanks to E911, ostensibly put there to make it easy to locate someone in an emergency, the government has complete 100% access to your location. But, since most folks let the GPS otherwise run on their phone, there are various bugs that can exploit that and track anyone with a mobile device. This makes the location of the President potentially known to an assassin or terrorist. The Secret Service should take note that there is no good way to prevent that kind of compromise on a commercially made phone.
The President’s phone is a Samsung Galaxy S-3. It is now an obsolete model, but it is reliable. It is not safe.
The Galaxy, like other Android and iPhone devices, can easily be infected by spyware called a spy phone bug. This bug can send back to its originator just about everything in terms of transactions on the phone, such as email, SMS messages, photos, and attachments. But the biggest danger is that some spy phone technology can turn on both the microphone and camera without the user knowing it. The only tipoff that a phone might be infected with a spy phone is if the phone feels warm or hot to the touch, indicating its microprocessor and radios have been running.
In the case of a sophisticated spy phone, the microphone and camera can be activated even when the phone is shut down. Turning off a phone actually does not kill everything, and if the bug can keep certain functions running in the background, but with the screen black, then the user literally has no idea he or she is under active surveillance.
One strategy to deal with the risk of a spy phone bug is to pull the battery out of the phone when it isn’t being used. That requires discipline and, most likely, a man as busy as the President is not going to be unplugging the phone’s battery. You can take the battery out of the S-3, but other models seal in the battery making it impossible to do so.
An alternative is to put the phone inside a lead-lined or steel mesh lined box, isolating it from sound and from radio waves. Again this requires discipline and understanding there is an active threat.
Many world leaders are incredibly sloppy with their mobile phones. This includes Hillary Clinton, John Kerry, Nicholas Sarkozy, Silvio Berlusconi, Angela Merkle and the Royal Family in the UK. There seems to be a disease among top leaders where they somehow think they are immune from wire-tapping and spyware. Even in Chancellor Merkle’s case, her “secure” phone was apparently successfully bugged, likely by NSA even though she frequently upgraded her phone and the phones were encrypted.
Which raised the question if even the NSA-supplied secure mobile phone is safe. NSA would say it is, and on the surface at least it looks good. But the operating system still has embedded deep inside it commercial code, and commercial codes are full of crowd-sourced material, which is how we got the heartbleed bug. So whether such a device is really good enough for the President remains more a proposition than a proven fact.
But most urgently President Trump should dump his Android phone. It is unsafe, potentially risking national security by exposing vital secrets and, even more so, putting the President’s life at risk.