When President Trump meets with North Korea’s Kim Jung Un, it’s a good bet that at some point he’ll be sharing tweets about the event, written and sent on his smartphone. Most Americans may think the biggest risk here is what he might say on Twitter, but there is growing concern that his phone could be the cause of a serious cybersecurity incident.
Last month, Politico brought light to the issue that the president’s iPhones aren’t fortified with security features, and perhaps even more concerning, the phones—one used strictly for phone calls and the other for Twitter and a few other apps—aren’t regularly checked to see if they’ve been infiltrated by bad actors. According to Politico, White House sources said that while the phones used for voice conversations are regularly swapped out for a security check, the Twitter phone goes months at a time, adding, “Because of the security controls of the Twitter phone and the Twitter account, it does not necessitate regular change-out.” Apparently, Trump considers this an inconvenience, and unfortunately, that is (pardon the pun) trumping cybersecurity.
But How Good Is the Security?
Twitter has had its share of security issues over the years. Just a month ago, users were alerted to change their passwords because of a glitch that put that information into readable text. While there is no indication anything was stolen this time, that wasn’t the case two years ago when Twitter was breached. Do we know how often the president changes his password? Do we know if his account has been hacked? If a hacker is able to gain access to the device, what can he control? Allegedly, the camera and GPS are disabled on the Twitter-enabled devices; however, a hacked account could allow a bad actor to send tweets that could create a national crisis or a global threat.
This doesn’t mean that the call-only phone is secure. Also a problem, as security expert Bruce Schneier told the Washington Post, are the people President Trump is communicating with. The White House security team isn’t monitoring the security of those devices, so if the president is communicating with someone using a hacked phone, Trump’s phone becomes unsecure.
Any security pro will tell you that no security platform is foolproof and having a layered security system is necessary. The White House security team is skipping one of those layers by not insisting on regularly checking the device to ensure it hasn’t been hacked. (President Obama’s smartphone was swapped out every 30 days, but with the increased sophistication of nation-state actors—those most likely to go after the executive iPhone—even once a month may not be often enough.) And all it takes is one infiltration to cause serious damage to our national security.
“Even if his newer iPhone is considered to be more secure than his older Android devices, it is still open to a potential breach, which could result in a serious national security issue,” said David Ginsburg, vice president of marketing at Cavirin, a Santa Clara, California-based cybersecurity firm.
Another Problem with Unsecure Phones
Ginsburg pointed out that President Trump’s unsecured phones signal a larger problem: the low priority given to overall cybersecurity by this administration.
“The larger issue that the president is thumbing his nose at (disregarding) our nation cybersecurity policy,” said Ginsburg. “The president is ultimately responsible for our nation’s cyberposture, and this sets a very bad precedent in being able to set effective policy within the government and even within large corporations.”
Although President Trump did draft an Executive Order meant to strengthen the federal government’s network security, there has been a dismantling of the cybersecurity force within the White House. Well-respected cybersecurity experts have left their positions to be replaced by officials without cyber experience.
We are a country that has seen Russian attempts and successes to hack our election system. And as Samm Sacks, a China and technology expert at the Center for Strategic and International Studies, told Politico, “It’s baffling that Trump isn’t taking baseline cybersecurity measures at a time when he is trying to negotiate his way out of a trade war with China, a country that is known for using cyber tactics to gain the upper hand in business negotiations.”
And on June 12, he’ll be meeting with North Korea, another country known for its cyberattacks. Will our national and cybersecurity be at risk due to an unsecure phone?