President Trump's Insecure Android

By Nicholas Weaver
Thursday, January 26, 2017, 3:29 PM

Lost amid the swirling insanity of the Trump administration’s first week, are the reports of the President’s continued insistence on using his Android phone (a Galaxy S3 or perhaps S4). This is, to put it bluntly, asking for a disaster. President Trump's continued use of a dangerously insecure, out-of-date Android device should cause real panic. And in a normal White House, it would.

A Galaxy S3 does not meet the security requirements of the average teenager, let alone the purported leader of the free world. The best available Android OS on this phone (4.4) is a woefully out-of-date and unsupported. The S4, running 5.0.1, is only marginally better. Without exaggerating, hacking a Galaxy S3 or S4 is the type of project I would assign as homework for my advanced undergraduate classes. It’d be as simple as downloading a suitable exploit—depending on the version, Stagefright will do—and then entice Trump to clicking on a link. Alternatively, one could advertise malware on Breitbart and just wait for Trump to visit.

If you are finding Lawfare useful in these times, please consider making a contribution to support what we do.

Once compromised, the phone becomes a bug—even more catastrophic than Great Seal—able to record everything around it and transmit the information once it reattaches to the network. And to be clear even a brand new, fully updated Android or iPhone is insufficient: The President of the United States is worth a great many multiples of expensive zero-day exploits.

Based on the available information, the working assumption should be that Trump's phone is compromised by at least one—probably multiple—hostile foreign intelligence services and is actively being exploited. This would be exponentially more dangerous if he were carrying this phone into especially secure places. Security experts were rightly aghast to learn that Secretary Clinton kept her BlackBerry in her secure office in the State Department. This is far worse.

So what can be done?

First, anyone around the President should presume they are being actively recorded by hostile powers, regardless of location, unless they are positive the phone is out of the room. One wonders how many secrets have already been lost through that abominable device as Trump and his team get up to speed on our most closely held national security matters.

Second, the NSA is going to need to compromise here. The campaign demonstrated that it will not be possible to pull the president away from his Twitter account and he will insist on a mobile device. Despite the dangerous security practice—and the substantively destabilizing effects of his tweets—if the President demands this then NSA will need to accommodate it.

The technical engineering will involve taking a locked-down Android phone and installing a customized Twitter client preconfigured for the President. It will need to tweet, but the web browser must be restricted so that Trump cannot click on links. If necessary the client should take any link that is "clicked" and instead redirect the request to a separate system which downloads the web page, renders it, and outputs it to a printer. Under no circumstances may the President's device be able to visit web pages.

Even this is insufficient.  The President is an incredibly high-value target, so high that his personal device cannot be trusted to take input from even the restricted Internet of Twitter. The phone itself needs to know where it is and, when it enters a dangerous area, start emitting a warning noise.  Otherwise, it will almost certainly wind up in the Situation Room, with potentially disastrous results.

Even with all that, the phone is still a massive ongoing national security threat. Someone needs to impress upon Trump that his insistence on disregarding basic security here imperils us all. Perhaps Fox and Friends would be willing to deliver the message?