Report: Trump still uses his unsecured Android phone to tweet

President Trump is still tweeting from his old Android phone in the White House, even after being given a new, secure device just before his inauguration, according to a report in The New York Times.

That revelation stirred some strong negative reactions from three mobile security analysts contacted on Thursday. Two of those analysts said using the older Android device only for tweeting doesn’t necessarily pose a national security risk, but they questioned what else he might be doing with that Android device that could pose such risks.

“If all that President Trump does with that Android phone is tweet, then it’s not a [security] problem,” said Roger Entner, a long-time analyst on mobile and security matters at Recon Analytics. “If he does more than that, then it becomes a significant problem especially if the Android phone travels with the President overseas.”

However, Entner said it is possible some hacker or group could pose as President Trump using his @realDonaldTrump handle. Doing that likely would require breaking into secure Twitter servers or the wireless and wired network infrastructure used to reach Twitter from any device. Or, someone could gain access to his Twitter user name and password, which becomes more possible if he has trusted other people to access his account.

“Hackers can pose like him on any device and that’s more about his Twitter security, not the phone security,” Entner explained.

“The main problem is if someone hacks his unsecured Android phone, then they can always locate where the phone is and in all likelihood where he is. This is the kind of metadata that the spy agencies thrive on when going after their targets,” Entner said.

Jack Gold, an analyst at J. Gold Associates, had similar concerns. “If President Trump is still using his unsecured Android phone for tweeting, what else is he using it for and what kind of info does he have on it that could be compromised?” he asked.

“In theory, the whole reason for giving him a secured phone is to prevent any hacks or the interception of sensitive data and communications,” Gold added. “The mere fact that he is using an unsecured device is very troubling. That would probably be grounds for dismissal for many other government employees who face much stricter enforcement” on their use of mobile devices.

During his campaign, Trump frequently expressed concerns over former Secretary of State Hillary Clinton’s use of a personal e-mail server for some official business.

“We should learn from the lessons of Secretary Clinton, who used an unsecured device for much of her tenure,” Entner said. “There are very are sophisticated people and countries out there who love to know what the President talks about to his inner circle.”

The White House could not be reached to comment on President Trump’s activity on his Android device or his Twitter account during his first week in office. A spokesman for the U.S. Secret Service referred questions about the matter to the White House.

The Secret Service protects the president and was likely involved in the decision to give Trump a more secure device just before last Friday’s inauguration. It was widely assumed at that time that Trump would give up his Android phone, reportedly a Samsung Galaxy S model.

However, The New York Times report of his first five days of living in the White House indicated Trump still used “his old, unsecured Android phone, to the protests of some of his aides.” He wrote and sent out a tweet on Tuesday that he would “send in the Feds” to Chicago to help end gun violence and killings there.

That Tuesday tweet and 12 others since then appeared on the @realDonaldTrump Twitter handle that Trump has used for months and that now has 22.2 million followers. It isn’t clear whether Trump is writing all the tweets himself or even using his Android device in every case.

Whatever Trump is doing with the old Android phone is certainly intentional, said Avivah Litan, a security analyst at Gartner.

“He wants people to listen in on his communications,” she said. “He can’t get enough public attention for his impulsive discourse. I’m sure he knows what he is doing and all of this is deliberate.”

Litan said she is sure Trump has access to highly secure communications when he knows that he needs to use them.

President Trump’s use of his old Android device while in the White House and while serving as president is troubling on several levels, the three analysts said. Just last week, Trump’s nominee for Treasury Secretary, Steven Mnuchin, suggested during his U.S. Senate confirmation hearing that the Internal Revenue Service needs “first-rate” computer technology to protect taxpayer privacy and the agency’s cybersecurity.

“We all should be concerned about cybersecurity,” Entner said. “Mnuchin is absolutely right. We need to do much more.”

Entner favors using two-factor authentication as standard for every site and organization that deals with personal information. “People should also pressure the sites they use that don’t offer two-factor authentication to offer it as soon as possible.”

http://www.computerworld.com/category/security/index.rss