Reports that President Donald Trump has resumed using his Android-powered smartphone are prompting security experts to warn that his Twitter addiction could open up vulnerabilities inside the Oval Office.
The New York Times reported Wednesday that Trump is still using “his old, unsecured Android phone, to the protests of some of his aides,” even after a story last week said he had been supplied with “a secure, encrypted device approved by the Secret Service.” That alarms experts who note that Android, an operating system developed by Google, is notoriously insecure, especially on older phones that no longer receive software updates from their manufacturers or wireless carriers.
Story Continued Below
The website Android Central cited photographic evidence to claim that Trump’s go-to phone is a Samsung Galaxy S3, a model released in 2012 that has not received software updates since mid-2015. Researchers later uncovered one of the most dangerous Android vulnerabilities, the so-called Stagefright bug, which lets hackers take control of a phone using only a text message.
“It’s just crazy that the president is interacting with such an out-of-date and likely insecure device,” Matthew Green, a computer science professor at Johns Hopkins University, told POLITICO.
“His off-the-shelf Android could potentially become a room bug without his knowledge,” said Bruce Schneier, one of the world’s foremost cybersecurity experts. “An attacker could certainly hijack his apps.”
The White House and the Secret Service did not respond to requests for comment. A spokeswoman for the Defense Information Systems Agency, which helps secure the president’s communications, declined to comment on protective measures.
The continued questions about Trump’s phone use come after a presidential campaign in which he and his allies repeatedly accused Hillary Clinton of endangering national security by using a private email server when she was secretary of State. They also alleged, without evidence, that foreign governments had breached the server.
For Trump and his phone, “the real issue is what he does with it,” Schneier said in an email. “If he’s using it to send and receive classified information, we have a real problem.”
That might be unlikely for Trump, who once proclaimed that “no computer is safe” and has suggested that sensitive documents should be sent by courier. News reports say he doesn’t use email and that he communicates with aides by scribbling comments on printed documents — rather than tapping out feedback on a smartphone keyboard the way former President Barack Obama often did.
But even if Trump isn’t using the phone to send and receive sensitive messages, it still could open up security risks if hackers infect it. For example, they could use the phone to covertly track his location, tweet out fake news about terrorist attacks, or even eavesdrop through the camera and microphone. Depending on how securely the computer networks in the White House have been hardened, any malware already implanted on the phone could possibly roam to other officials’ devices.
Even a phone running the latest, most secure version of Android available would still be at risk of being penetrated by foreign intelligence agencies, especially those of Russia and China. While these spies would similarly target an iPhone, security experts say the Apple device is more capable of repelling hackers.
“All of these attacks are possible, and even probable by the big national intelligence agencies,” Schneier said.
In addition, the boom in smartphone technology has created a thriving market for the kinds of advanced phone-surveillance tools previously available only to powerful governments. Green said sophisticated criminal gangs could commander an Android device remotely “if there was enough financial incentive.”
Trump’s tweets frequently indicate that he is using Twitter’s Android app, which is usually interpreted as a sign that the messages come from him directly — as opposed to the iPhone often used by his staff. The tweets don’t indicate which Android model he is using.
While Android offers users much more flexibility and choice than the operating system that powers Apple’s iPhones and iPads, that translates to less-rigorous security controls. Older and less expensive Android phones also lack the iron-clad encryption found on newer iPhones, which even the FBI has complained it’s unable to crack.
The NSA has developed and released its own secure version of Android, but it’s unclear whether the agency installed it on Trump’s phone — or whether the phone is even capable of running it.
“It’s pretty obvious that using a 2012-era phone is not a safe thing to do,” Green said in an email.