Blog Ipsa Loquitur

Published on under Manchurian Release Candidates

Nicholas Weaver for Lawfare:

Lost amid the swirling insanity of the Trump administration’s first week, are the reports of the President’s continued insistence on using his Android phone (a Galaxy S3 or perhaps S4). This is, to put it bluntly, asking for a disaster. President Trump’s continued use of a dangerously insecure, out-of-date Android device should cause real panic. And in a normal White House, it would.

A Galaxy S3 does not meet the security requirements of the average teenager, let alone the purported leader of the free world. The best available Android OS on this phone (4.4) is a woefully out-of-date and unsupported. The S4, running 5.0.1, is only marginally better. Without exaggerating, hacking a Galaxy S3 or S4 is the type of project I would assign as homework for my advanced undergraduate classes. It’d be as simple as downloading a suitable exploit—depending on the version, Stagefright will do—and then entice Trump to clicking on a link. Alternatively, one could advertise malware on Breitbart and just wait for Trump to visit.

This should be a gigantic scandal. As Weaver says, it’s trivial for even undergraduates to compromise a phone this old and turn it into a 24/7 remote recording device. Nation states have significantly more resources and capabilities than students. Every conversation in the President’s presence is almost certainly being heard by at least one foreign intelligence agency. This is not a hypothetical situation.

Someone on the President’s staff needs to destroy his phone immediately. Don’t give him another one.