Security concerns force President Trump to ditch Android phone

Posted:
in iPhone
Incoming U.S. President Donald Trump has reportedly had to switch from his old Android phone to a new device, potentially a modified Apple iPhone.




Trump turned in his previous phone after arriving in Washington, D.C. on Thursday in preparation for Friday's inauguration, the Associated Press said. He was under pressure from security agencies to do so, given the potential threats posed by hackers gaining access.

While Trump's new device is unknown, it could be an iPhone if he follows in the steps of his predecessor. Barack Obama was the first U.S. president to carry a cellphone, initially starting with a modified BlackBerry, later migrating to an iPhone.

Obama's iPhone had its own restrictions, such as a limited number of people he could exchange email with. One benefit, though, is that it was the only device with access to the @POTUS Twitter account.

Trump was infamous for his Twitter posts during his election campaign, but has said he will continue to post through the @realDonaldTrump account, even after taking office. He or his staff have posted from an iPhone in the past.

While it is possible to lock down an Android phone -- by enabling full-disk encryption, using secure services, disabling riskier features, or even writing a customized version of Android -- an iPhone is often a simpler option. Full-disk encryption is on by default in iOS 8 and later, and any device with a Touch ID sensor also has a Secure Enclave, making even physical hacking difficult without a warrant.

iOS also doesn't allow native filesystem access, restricting what the software is capable of, but also safely sandboxing apps.

As of this writing, Trump's inauguration ceremony is currently ongoing. Read how to watch the event live on an iOS device or Apple TV.
«1

Comments

  • Reply 1 of 28
    melgrossmelgross Posts: 33,510member
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
  • Reply 2 of 28
    igorskyigorsky Posts: 752member
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    SpamSandwichanantksundaramjbdragonredgeminipawatto_cobrajony0
  • Reply 3 of 28
    gatorguygatorguy Posts: 24,176member
    igorsky said:
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    I guarantee the phone he's using will be reported here if it's found to be an iPhone. No stock phone would be permitted in any event. Was it ever determined Obama used even a modified iPhone? Maybe, but it was a funny exchange when Jimmy Fallon asked him about it after he gave up his Blackberry last year:
     http://fortune.com/2016/06/10/president-obamas-new-smartphone-is-more-like-a-toddler-phone/

    "After seven years in the Oval Office, Obama was told to hand over is Blackberry in favour of an NSA-made "hardened" phone. The device, which speculation indicates could be a Samsung Galaxy S4, has biometric authentication, but it doesn't have a camera and is only allowed to download a certain number of restricted apps from the Defense Information Systems Agency's store. 

    When Obama was given a smartphone to replace his Blackberry at the beginning of this year he says the NSA told him, "Mr President for security reasons this is a great phone, state of the art, but it doesn't take pictures, you can't text, the phone doesn't work, you can't play your music on it". 

    "Does your three year old have one of those play phones? With the stickers on it? That's basically the phone I've got," Obama told Jimmy Fallon in June (2016)"

    :)

    edited January 2017 russwretrogustowatto_cobraargonautwaterrocketsjony0
  • Reply 4 of 28
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    That would be poor optics for Trump. Probably an iPhone.
    anantksundaramwatto_cobra
  • Reply 5 of 28
    gatorguy said:
    igorsky said:
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    I guarantee the phone he's using will be reported here if it's found to be an iPhone. No stock phone would be permitted in any event. 
    iPhone now accepts MDM (Mobile Device Management), so no need for a custom iOS install anymore.
  • Reply 6 of 28
    http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/

    So the Pegasus exploit has been around since IOS7, yet we claim iPhone are so super secure. No, we don't know what other flaws exist in the OS to really make that claim.
    brucemc
  • Reply 7 of 28
    gatorguygatorguy Posts: 24,176member
    gatorguy said:
    igorsky said:
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    I guarantee the phone he's using will be reported here if it's found to be an iPhone. No stock phone would be permitted in any event. 
    iPhone now accepts MDM (Mobile Device Management), so no need for a custom iOS install anymore.
    Android phones also accept MDM as a quick search would show. So yes the POTUS phone will still need a heavily modified operating system on a extremely limited function handset. 
    edited January 2017 brucemc
  • Reply 8 of 28
    http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/

    So the Pegasus exploit has been around since IOS7, yet we claim iPhone are so super secure. No, we don't know what other flaws exist in the OS to really make that claim.
    It's worth noting that exploit has been fixed, as explained in the article.

    Obviously we don't know any other flaws in iOS until they're discovered and so we must take things seriously. However, that doesn't draw any conclusions as to how secure iOS is relative to other OS's. There is much reason to believe that iOS is very secure. That is, unless someone wants to believe it's insecure because of one article about an exploit, in which case we are all capable of believing nearly anything.
    jbdragonadmiral.ashikwatto_cobraargonaut
  • Reply 9 of 28
    macxpressmacxpress Posts: 5,801member
    gatorguy said:
    gatorguy said:
    igorsky said:
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    I guarantee the phone he's using will be reported here if it's found to be an iPhone. No stock phone would be permitted in any event. 
    iPhone now accepts MDM (Mobile Device Management), so no need for a custom iOS install anymore.
    Android phones also accept MDM as a quick search would show. So yes the POTUS phone will still need a heavily modified operating system on a extremely limited function handset. 
    Android might accept MDM but its extremely limited in what they can do compared with iOS. You can completely lock down an iOS device with an MDM, even if the device it wiped when the device checks back into Apple to reactive, Apple's servers will point the divide back to the MDM for configuration. There is no way around this for any user that happens to get ahold of a device thats managed via MDM.

    Since Android devices have many different versions of the OS it makes it very hard to manage a device (or devices) since some may not support certain features.
    edited January 2017 jbdragonredgeminipaadmiral.ashik
  • Reply 10 of 28
    gatorguy said:
    gatorguy said:
    igorsky said:
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    I guarantee the phone he's using will be reported here if it's found to be an iPhone. No stock phone would be permitted in any event. 
    iPhone now accepts MDM (Mobile Device Management), so no need for a custom iOS install anymore.
    Android phones also accept MDM as a quick search would show. So yes the POTUS phone will still need a heavily modified operating system on a extremely limited function handset. 
    I wasn't implying that Android doesn't support MDM, I am simply saying MDM gives a full enterprise capability that there is no need for a customized iOS. MDM allows IT to restrict anything, just like in BB. Where I work, our enterprise implementation only supports iOS MDM as well.
    admiral.ashik
  • Reply 11 of 28
    nhtnht Posts: 4,522member
    macxpress said:
    gatorguy said:
    Android phones also accept MDM as a quick search would show. So yes the POTUS phone will still need a heavily modified operating system on a extremely limited function handset. 
    Android might accept MDM but its extremely limited in what they can do compared with iOS. You can completely lock down an iOS device with an MDM, even if the device it wiped when the device checks back into Apple to reactive, Apple's servers will point the divide back to the MDM for configuration. There is no way around this for any user that happens to get ahold of a device thats managed via MDM.

    Since Android devices have many different versions of the OS it makes it very hard to manage a device (or devices) since some may not support certain features.
    Android MDM is more flexible than iOS.  You can lock out specific apps whereas in iOS it appears to be all or nothing.

    Whether it's easier to break the MDM on Android is a different issue.

    On Android I can lock up the Twitter app on my daughter's phone at will (which might be kinda a good thing on POTUS' phone too...).

    On iOS not so much.
  • Reply 12 of 28
    mtbnutmtbnut Posts: 199member
    Thinking worst-case arm-, hand- or thumb-sawing scenarios, would Touch ID enabled be a good thing? 
  • Reply 13 of 28
    gatorguygatorguy Posts: 24,176member
    macxpress said:
    gatorguy said:
    gatorguy said:
    igorsky said:
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    I guarantee the phone he's using will be reported here if it's found to be an iPhone. No stock phone would be permitted in any event. 
    iPhone now accepts MDM (Mobile Device Management), so no need for a custom iOS install anymore.
    Android phones also accept MDM as a quick search would show. So yes the POTUS phone will still need a heavily modified operating system on a extremely limited function handset. 
    Android might accept MDM but its extremely limited in what they can do compared with iOS. You can completely lock down an iOS device with an MDM, even if the device it wiped when the device checks back into Apple to reactive, Apple's servers will point the divide back to the MDM for configuration. There is no way around this for any user that happens to get ahold of a device thats managed via MDM.

    Since Android devices have many different versions of the OS it makes it very hard to manage a device (or devices) since some may not support certain features.
    The POTUS only needs one. :)
  • Reply 14 of 28
    gatorguygatorguy Posts: 24,176member
    gatorguy said:
    gatorguy said:
    igorsky said:
    melgross said:
    I believe it's the defense department that has chosen a Samsung phone with Knox as its security phone. I don't know why, but there must be some good reason. Perhaps that's what they'll give Trump.
    This is incorrect...Samsung phones with Knox have been approved for use, nothing more.  This isn't any kind of exclusive.
    I guarantee the phone he's using will be reported here if it's found to be an iPhone. No stock phone would be permitted in any event. 
    iPhone now accepts MDM (Mobile Device Management), so no need for a custom iOS install anymore.
    Android phones also accept MDM as a quick search would show. So yes the POTUS phone will still need a heavily modified operating system on a extremely limited function handset. 
    I wasn't implying that Android doesn't support MDM, I am simply saying MDM gives a full enterprise capability that there is no need for a customized iOS. MDM allows IT to restrict anything, just like in BB. Where I work, our enterprise implementation only supports iOS MDM as well.
    You may not believe it does. For whatever reason the NSA doesn't agree with you. Perhaps there's something they know that we don't. 
    cgWerks
  • Reply 15 of 28
    calicali Posts: 3,494member
    How does a billionaire end up with a cheap iKnockoff?

    He'll probably just keep his iPhone. Would be ironic and funny.
    jbdragon
  • Reply 16 of 28
    mtbnut said:
    Thinking worst-case arm-, hand- or thumb-sawing scenarios, would Touch ID enabled be a good thing? 
    I thought we proved that didn’t work… However, do note that you can use parts of your body which don’t have fingerprints and Touch ID does still work (with varying levels of reliability up to and including 100%, depending on the body part chosen. If you want some security through obfuscation, that’s the way to go.
  • Reply 17 of 28
    georgie01 said:
    http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/

    So the Pegasus exploit has been around since IOS7, yet we claim iPhone are so super secure. No, we don't know what other flaws exist in the OS to really make that claim.
    It's worth noting that exploit has been fixed, as explained in the article.

    Obviously we don't know any other flaws in iOS until they're discovered and so we must take things seriously. However, that doesn't draw any conclusions as to how secure iOS is relative to other OS's. There is much reason to believe that iOS is very secure. That is, unless someone wants to believe it's insecure because of one article about an exploit, in which case we are all capable of believing nearly anything.
    Actually we can
    https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html (984 exploits)
    https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html (746 exploits)

    These phones and their operating systems are very complex, so issues will arise. But there really isn't such a big difference between them in the grand scheme of things.
    edited January 2017 brucemc
  • Reply 18 of 28
    nhtnht Posts: 4,522member
    georgie01 said:
    http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/

    So the Pegasus exploit has been around since IOS7, yet we claim iPhone are so super secure. No, we don't know what other flaws exist in the OS to really make that claim.
    It's worth noting that exploit has been fixed, as explained in the article.

    Obviously we don't know any other flaws in iOS until they're discovered and so we must take things seriously. However, that doesn't draw any conclusions as to how secure iOS is relative to other OS's. There is much reason to believe that iOS is very secure. That is, unless someone wants to believe it's insecure because of one article about an exploit, in which case we are all capable of believing nearly anything.
    Actually we can
    https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html (984 exploits)
    https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html (746 exploits)

    These phones and their operating systems are very complex, so issues will arise. But there really isn't such a big difference between them in the grand scheme of things.
    First, CVE identifiers do not map 1:1 to vulnerabilities.  Further the iOS vulnerabilities include webkit/safari vulnerabilities while the Android ones do not include webkit/Chrome vulnerabilities.  That's a large percentage of the vulnerabilities listed for iOS right there.  In fact the iOS vulnerabilities include chrome vulnerabilities while android doesn't.

    https://www.cvedetails.com/cve/CVE-2016-5131/

    How's that for weird.

    Also a lot of the CVE's state "in Apple iOS before 10..." so many of the CVEs were addressed on the vast majority of iOS devices in the wild.

    So there is a huge difference in the number of vulnerabilities between iOS and android.  Android has a lot more and a higher percentage still exists in phones being sold today with older versions of Android that don't contain the latest security fixes.  Some cheap phones still ship with Lollipop and a couple flagships still ship with Marshmallow.

    There was a good talk be Brian Martin (vulndb) and Steve Christey (from MITRE, the source of the CVE statistics) about vulnerability statistics talk at Blackhat a few years ago that I wasn't able to attend but short version is comparing iOS CVE counts to Android CVE counts is bogus.

    CVE also isn't a complete set.  For example OSVDB was tracking nearly 40,000 vulnerabilities that did not have CVE assignments before the maintainers pulled the plug on OSVDB.
    watto_cobra
  • Reply 19 of 28
    The POTUS phone needs unique hardware for encrypted voice communications.
  • Reply 20 of 28
    That's pretty funny after he told his supporters to boycott Apple.
    baconstangwatto_cobra
Sign In or Register to comment.