Politico reports that Trump uses two iPhones. One is Twitter-only. The other only allows him to make calls. Both are customized, issued by the White House department responsible for securing administration telecommunications. One problem identified by Politico, though, is that the Twitter-capable phone wasn’t swapped out on a monthly basis, as requested by Trump’s security team. The reason for those swaps, it noted, was to check to see if the device had been infiltrated by a hacker or foreign power — as it seems White House Chief of Staff John F. Kelly’s phone had been at some point before he joined the administration.
It wasn’t clear how often his calls-only phone was replaced in Politico’s reporting, but in a statement to ABC News, the White House insisted that those phones “are seamlessly swapped out on a regular basis through routine support operations.”
Security expert Bruce Schneier spoke by phone with The Post and explained why, even if he adhered assiduously to those precautions, the likelihood that Trump’s communications have been compromised is high.
If Trump’s calls-only device was a standard iPhone, there’s little question about it. The odds of a foreign adversary having gained access to such a device, according to Schneier?
“One” — meaning 100 percent, he said. “The question is how many foreign powers.” The president could assume, he said, “that anything said on unsecured phones is known by — name your top six intelligence agencies.”
The question is how the phone is secured. It seems clear that one difference between the two phones Trump is given is to keep the one that can make and (presumably) receive phone calls separate from the one that’s connected to the Internet. I asked Schneier how a phone might be secured, and he said that it would require a complex six-hour lecture, which I chose to forego. But one mechanism, certainly, is to keep a phone off the Internet — therefore making it harder for the device to be compromised. A phone that’s connected to the Internet is as vulnerable to hacking and infiltration as any other computer (which, Schneier notes, is all a smartphone is).
What the White House security team probably would do, Schneier said, is physically disconnect key parts of the Twitter-only phone: the microphone, the camera, the GPS. If it’s hacked and those tools are disabled, compromising the device would simply give a foreign adversary “a 10 millisecond advance notice of what he’s going to tweet,” he said. If the microphone and camera on that device weren’t disconnected, there’s a real risk of a foreign adversary using the device to eavesdrop after having compromised it over the Internet. A high risk, Schneier figured, again assigning it a 100 percent likelihood of happening.
On the other phone, disconnecting the microphone isn’t an option. It’s possible to separate voice from data in cellphone transmissions, meaning Trump’s calls-only device could conceivably be physically altered in some way to keep it from being Internet accessible. Those calls still go out over a cellphone network, and Politico writes that Trump’s phone “isn’t equipped with sophisticated security features designed to shield his communications.” It’s not clear what that means.
In short order, though, we get to a bigger problem: The people on the other end.
It’s well established that Trump likes calling his friends and allies to sound them out about policy and personnel issues. Last week, New York magazine reported that Trump speaks to Fox News Channel host Sean Hannity on a near-nightly basis. Even if Trump’s phone were perfectly secured, if Hannity’s isn’t, Trump’s calls are at risk.
Schneier gave an example to highlight this problem.
“I don’t use Google. I don’t use Gmail, because I don’t want Google storing my email. That’s a deliberate choice I make,” he said. “Last time I checked, Google has about half of my email because while I don’t use Gmail, everyone else does.”
How secure Trump’s calls are depends largely on how he’s communicating. (And, of course, what he says. “If he’s complaining about lunch in the White House cafeteria,” Schneier noted, it’s less of a risk.) There is a secure phone system that Trump can use to contact other people within the federal government. Or he could use more secure technology platforms such as Signal that are text-based. But it depends not only on what device he’s using but also on what the other person is using. Foreign adversaries looking to hear what Trump is talking about may not need to hack into Trump’s well-secured phones. They can hack into Hannity’s.
The rationale for regularly swapping out the phones is precisely to be able to determine whether the devices have been compromised. It’s a game of cat and mouse, as Schneier presents it, with adversaries looking to gain access to the device in a new way, and Trump’s security team looking to block or discover those points of access.
There are two advantages to this. The first is that it means that foreign hackers would need to re-compromise the device each month. The second is that the trick they used to compromise the device might have been discovered, and they will need another trick — or a new one. That said, though, “attack is easier than defense,” Schneier said. “It is easier to attack a system.”
The White House told ABC that the devices were “more secure than any Obama-era devices” because of improvements in technology. It’s worth noting, as Schneier did in our call, that a foreign leader’s phone being accessed by another nation is not unheard of: Under President Barack Obama, the NSA hacked the cellphone used by German Chancellor Angela Merkel.
A central point Schneier raised is that these problems with security are not unique to the president.
“This is no different from your computer,” he said. “This is no different than you securing your computer from hackers and criminals, except the stakes are much higher and the expertise is much higher. But it’s the same damn game.”
He put a fine point on it.
“This is not just Trump,” he said. “This is everybody.”