With this kind of security - why hasn’t the pee tape leaked yet?
The Black Hats got there first and they’re working to ensure Trump stays in THEIR echo chamber, allowing no information in or out other than what they approve?
This story makes me wonder, if cyber threats are national security threats (and they are) and if off the shelf consumer grade phones can’t be properly secured (and they can’t) and if our experts can harden a phone against such attacks (and they can) why aren’t our lawmakers demanding cell phone makers only sell hardened devices as a matter of national security?
Have you ever used a “hardened” phone? With the one maybe two apps that are approved for use on such a phone the public wouldn’t have any part of it.
Where’s my Shazam??! Hey Siri!
Hello, Siri?
Hello…
Take the Solarin phone for example. Press one button and it becomes a super hardened hardware security based phone. With it off, it’s a very secure version of Android. Even in normal Android mode, your incoming traffic is monitored and you have the option of having it automatically respond to threats with actions like dropping a connection, turning off Wi-Fi, or even shutting the device off.
So, the idea that hardened phones are unusable as a smartphone is simply incorrect F.U.D.
$14-15k for a Solarin phone is a price point for Colombian drug dealers, Russian oligarchs, and corrupt real estate developers. For the pedestrian class, not-so-much.
Yeah, you said
and now that someone has shown you that your assumption isn’t quite based in fact you move the goalpost and argue price as if you aren’t aware that price is a function of supply and demand.
$9,818.47 was the cost of the first cell phone in today’s money. But hey! People kept buying them and now you can get one for $20. Why would anyone think the same can’t happen for hardening a phone?
Sounds like a business opportunity!
“Why hasn’t 45 been hacked by the so-called White Hats for the good of the entire world?”
In this case the NSA, FBI, and CIA may be the “white hats”, hence the US intelligence community’s declaration and certainty of some Russian involvement (and anything else they might have on Trump; when you spy on someone, you don’t tell them — or anyone else — that they’re being spied on).
Though possible, I can’t even wrap my head around that concept.
I knew that was a risk as I wrote it, but those agencies are NOT fans of the Kremlin… or of having their agents compromised or killed (which is a risk re Trump’s ‘order’ to track down the alleged campaign “spy” who may also be providing info on the Russians).
I hear you, I simply have a hard time reconciling that idea; any of those agencies as ‘good guys,’ just because they are “the enemy of our enemy.”
The enemy of my enemy is … a temporarily convenient tool.
I have in mind a short story based on our political situation, where Trump gets overconfident and pushes Putin too hard on some international policy stuff.
Then, Putin decides to burn him. Press conference, massive data dump. Pee tape, private email correspondence about the DNC hack, all of it.
This new detail just adds to that situation exposure of what kind of porn Trump likes to watch. Or, the kind that the Russians send him.
For military/intelligence certification, the process is usually a lot more nitpicking. Even if the phone is rated as secure, every individual app run on it should have to be passed through a long approval cycle. (And not just the app in general, but a specific version of that app. Any updates would have to redo the cycle.)
That’s a guess based on how they’ve done things in the past, but I can’t imagine them changing that much.
ETA: I’m sure that POTUS-flagged apps scream through the cycle in months rather than years.
- The enemy of my enemy is my enemy’s enemy. No more. No less.
– The Seventy Maxims of Maximally Effective Mercenaries
If ANYBODY ELSE did the same they’d lose their clearance. It’s as if you have a secure safe in the room and you told somebody how to use it yet they ignored all instructions and left it open for all to see its contents.
The WH is compromised in soooooo many ways.
Uh, about that…
So yeah, most likely the president, although probably not using email himself, is having White House business go through private email accounts… (which has led to multiple instances where some joker convinced someone at the White House that they were another person working at the White House).
The real question is probably: how many entities have hacked his phones? Those have to be the most desirable hacking targets in the world, and they’re not secure (plus he spends much of his time outside secured environments, connecting to dodgy wi-fi and cell stations). So it’s pretty much guaranteed that they’ve been compromised at least as much as Trump himself has been. I suspect it still takes state-level resources to do it, though. We just have to hope Mueller is one of the people listening in.
The (correct) perception by foreign governments before Trump was even elected was that he was for sale. I wonder if the security sloppiness isn’t, in part, Trump figuring that anyone who wants something from him can just directly pay him off and wouldn’t bother with skullduggery…
Aside from the zOMG going dark!!!; and the more or less complete lack of regulations regarding software quality (unless software ends up incidentally regulated because of its role in a regulated system); I suspect that user acceptance would be… tepid for the higher levels. You can get fairly pedestrian gear at EAL4 and FIPS 140-2 level 2-3ish (though finding mass market products that ship that way by default, less so); but go too much beyond that and you get lovable characters like the below; seen definitely not challenging Apple for the hearts and minds of the buying public.
(Edit: I’d love to get my hands on one of these; not because the UX isn’t miserable but because using absurdly clunky domain specific gear ironically is totally a thing; but that’s not a wide endorsement.
Also of note: despite this being a some thousands of dollars (though fewer than one might expect, I think you could get all the hardware needed for one unit, though not the supporting software and ancillary services upsells, for under $5k a pop) General Dynamics specialty widget built with ‘security’ well ahead of ‘shiny’; there are major compromises even within the housing of this thing for security. The main screen, playing display for some modified WinCE thing, is trusted to a lower level than the secondary character display at the bottom, because validating the comparatively large and complex OS to that level is harder. And I believe, unlike standard phones, that the cell modem was a separate component (designed to snap in mechanically, not just dangling); but bringing the usually-alarmingly-capable-and-basically-not-discussed baseband CPU and firmware inside the trusted zone, rather than treating it as untrusted medium, was also not on the table. Given the… nice… things people say about what little is publicly known about cell basebands I’m not sure if one validated to any significant level (much less that and for current networks, not an SDR implementation of something they have almost finished shutting off) is even something you can buy, period (short of handing Qualcomm an alarming amount of money to do a custom job for you, not just a ‘not for consumers, qualified customers inquire for prices’ item.))