In 2017, shortly after President Donald Trump took office, several media outlets pointed out the lack of oversight regarding the use of his personal mobile device -an Android phone at the time– and the risks involved. Recently, the impeachment inquiry allowed the public to really understand Trump’s mobile phone etiquette. He tweets with it, he makes international calls over an unsecured phone line, and despite every effort of his closest staff members to ban its use, the leader of the free world insists on breaking most mobile security rules, potentially leaking key information to a series of very interested third parties.
The rest of the law-abiding citizens of the world don’t usually question whether their phones are secure from malicious eyes, mainly because a vast majority don’t hold important, confidential information on them. In most cases, the most important piece of data stored in your device is your bank account. Things are very different if you belong to a high-ranking organization, maybe with an influential position. Your smartphone is no longer an individual device, it’s an endpoint. The more significant your role in an organization, the higher the risk. So, when dealing with these issues from a presidential perspective, it can be a serious hassle, with dangerous ramifications and consequences.
Most importantly, the real risk associated with our mobile devices is the fact that most of us, especially people who haven’t grown with the digital devices available today, trust too much on the apparent security that these devices present. Inattention, recklessness and oversight are helplessly linked to our nature. If we put this in context, even the most concerned about security can be fooled. Jeff Bezos was one of them: an apparently harmless link sent via WhatsApp exposed an infidelity to the entire world. In Mexico, a series of SMS messages, carefully crafted, were used to install malicious software in phones of journalists, politicians and community leaders. People, just like President Trump, carrying important information, exposed to the dangers of the gullible nature of humanity. In short, we’re careless where and when we shouldn’t because we don’t feel insecure about our mobile devices. And for the most part, we don’t know why we should.
No phone is a swiss vault, despite the marketing
After three years of continuous data breaches, apologies from hardware and software developers, and deep changes to security regulations, marketing from mobile companies has been centered over the idea of ‘privacy’ and ‘security’. Apple has an entire landing page about mobile security, Samsung claims their phones are more secure than ever, and even Google is limiting the amount of information it collects from your devices. Sadly, claiming to be secure doesn’t make you unbreakable. Most of the features in a common smartphone rely on us trusting the networks we use, the app manufacturers, and very complex layers of hardware and software, on the phone but also from our ISPs and -of course- the cloud.
In the specific case of President Trump, we know the endpoint: an iPhone device (which he allegedly hates because it doesn’t have a home button like previous models). Several reports involving high ranking officials in the Trump administration revealed a lack of protocol regarding the use of his mobile device. In fact, one of his cell phone calls to Ukraine -to Gordon Sondland, US Ambassador to the European Union- had a very likely chance of being intercepted by Russian spies.
That leads us to the first weak part of a mobile device: the phone calls themselves. SS7 and SIGTRAN, the signaling protocols used in mobile phone calls, are known to be unreliable for years. Most of SS7 vulnerabilities have been exploited to this day, which includes listening to calls, tracking the phone, and intercepting SIM data and text messages. A lot of these vulnerabilities are dependent on the ISPs: mobile networks are the only ones who can protect their customers, which they seldom do.
Another potential vulnerability, now related to usability, is phishing. Most desktop browsers have link previews: if you hover the pointer over, you get at least an idea of where you’re heading. Phones and tablets don’t have that advantage. If someone sends you a suspicious link using social engineering and a compelling message, you could be enticed to open it blindly.
In some cases, having too much security is oddly more insecure. For example, phone manufacturers are willing to modify the OS to a dangerous extent. The most recent case is Samsung: researchers of Google’s own Project Zero scolded the South Korean manufacturer regarding some serious kernel modifications, which ended up adding more security bugs, memory corruption issues, and vulnerabilities that allowed arbitrary code execution, a jackpot for hackers.
Of course, there’s also a great deal of vulnerabilities we don’t know yet. Some tech companies and organizations have standing bounties for zero-day exploits on iOS and Android devices, so we can presume that hackers haven’t found the golden ticket to access our phones without our involvement. However, believing in that assumption without constantly questioning it can be harmful, especially if we’re the ones responsible for securing mobile devices in our organizations.
What can be considered safe for a chief of state
So, if no commercial or mainstream smartphone is really secure, is there any feature to consider to keep a phone really safe from vicious hands? There are a lot.
First and foremost, a phone should be permanently encrypted. Apple and Android (at least since Lollipop) are encrypted by default, and it decrypts -with some differences here and there- your information as soon as you input the device’s password, cross-referencing it with a unique key stored in the phone. That doesn’t mean your phone is always encrypted: your files are still open to privy eyes as long as your device is unlocked, and most of your data exists in a space that is not permanently encrypted, mainly because it could negatively impact the phone’s performance. There are several alternatives for this: the manufacturer may implement a permanent encryption system or safe spaces where data can’t be seen by someone else.
Speaking of someone else looking, when data leaves your phone is at its most vulnerable state. That’s why securing end-to-end communications is key in keeping your mobile security high. Messaging apps like WhatsApp and Telegram are embracing a secure end-to-end culture, but that should be the standard for every single communication channel the phone has. For example, the browser’s application and transport layers can be protected using a private VPN, routing the entire traffic of the phone through secure exit nodes under a ciphered protocol, like AES.
Needless to say, a malware-resistant phone is a secure phone. Top-of-the-line secure phones rely on revised and solid standards to handle installations, links and new files. Some OS modifications allow for recursive checks, where it searches for changes in the core functionality of the operating system. If any files were modified, the system is capable of blocking itself, not allowing the hacker to continue further in. Furthermore, by limiting the access of the hardware by the software layer, you can even protect your device from hackers who try to access random locations in memory, like the ones seen in Meltdown and Spectre bugs.
The main issue regarding any critical security step is the reliability of the engineers behind it. In many cases, as consumers we take a leap of faith: we trust our manufacturers and we expect they take security and privacy seriously. In any case, we should take every claim in the security world with a grain of salt, because as we said earlier, no piece of software is perfect. The rule of thumb here is to choose a mobile device as secure as the information inside it, and that -for better or worse- means believing, not in marketing but in reliable security.
Above all, a secure phone should have a big, red self destruct button. Okay, maybe not literally, but a phone that can wipe itself if defaced is two times safer than one who can’t.
The world of “Fort Knox-like” mobile devices
There is a spectrum of phones that cover those necessities, but most of them come with a caveat: the more disconnected the phone from the outside world, the safer it is. That’s the reason why President Trump won’t change his iPhone anytime soon: most of these phones restrict the use of apps like Twitter, and the hassle of having a government-issued secure phone is enough of a motive for him.
A good example of a secure device is the Sirin Finney, developed in Israel -coincidentally, the world leaders in phone unlocking- specifically for the crypto market. It claims to be the most secure “blockchain smartphone”, with a cryptocurrency cold wallet. It includes “military-grade security”: a proprietary intrusion prevention system, end-to-end encrypted calls and messages and secured emails. The device’s operating system, called Sirin OS, is a heavily modified version of Android Oreo. The downside? It costs $999, for a phone which isn’t the best, specifications-wise.
An Arab firm called DarkMatter showed their concept of a rugged, secure phone in MWC last year: the Katim R01. This is not a commercially available phone -at least not for everyone- but symbolizes everything we should have on a Fort Knox-type phone: multi-factor authentication, physical tamper monitoring with a self destruct mechanism that works even with a depleted battery, a “shield mode” that shuts off microphones and cameras, a customized OS, an SOS button, and a rugged construction. It sounds perfect because it still is a proof of concept, but it could be a step in the right direction to push mobile security forward.
A real alternative is a paid app called Silent Phone, made by Silent Circle -the same team behind the Blackphone, one of the safest phones ever made- and aiming to organizations who need extra security in their internal comms. They have a serious offer: no “man-in-the-middle” attacks. Every call made from the app is peer-to-peer and encrypted, it has no backdoors -that we know of- and is easy to deploy. If you’re not able to buy phones for your entire organization but still need secure comms and don’t really believe in apps like Signal, Silent is a paid service to consider.
Budget-friendly secure phones
As we said earlier, not everyone has a huge budget for security -they should!- but even in the consumer world there are alternatives besides the latest Galaxy. We stated previously that no commercial phone is really secure, although there is a market for phones on the Android side who are very competitive in the security field. An iPhone made by Apple in California may sound more secure to you, but the last word in this war has not been said yet. As every solution in this post, your mileage may vary.
For example, Blackberry -who recently ended its contract with Chinese manufacturer TCL- has been developing safe alternatives in the Android Market since its return. The latest device on a series of safe smartphones is the KEY2, an Oreo-powered phone that doesn’t only have a physical keyboard, but a series of mobile security measures: a private app zone, a private browser -Firefox Focus- and DTEK, their proprietary app control system. The app acts as a middleman, monitoring comms and hardware use from apps.
If the lack of updates to the OS scare you, the solution may as well be the most updated phone on the Android market: the Google Pixel. Of course: it’s not a security-focused device, but the company led by Sundar Pichai has an entire team of developers updating the OS regularly, especially when it comes to zero-day vulnerabilities. If you opt-in favor of a commercially available smartphone, you should at least choose the one with monthly -and sometimes weekly- updates.
Or you can be the POTUS, and be led by usability and marketing. Let’s hope he doesn’t leak any critical information because we will know.