Security concerns force President Trump to ditch Android phone
Incoming U.S. President Donald Trump has reportedly had to switch from his old Android phone to a new device, potentially a modified Apple iPhone.
Trump turned in his previous phone after arriving in Washington, D.C. on Thursday in preparation for Friday's inauguration, the Associated Press said. He was under pressure from security agencies to do so, given the potential threats posed by hackers gaining access.
While Trump's new device is unknown, it could be an iPhone if he follows in the steps of his predecessor. Barack Obama was the first U.S. president to carry a cellphone, initially starting with a modified BlackBerry, later migrating to an iPhone.
Obama's iPhone had its own restrictions, such as a limited number of people he could exchange email with. One benefit, though, is that it was the only device with access to the @POTUS Twitter account.
Trump was infamous for his Twitter posts during his election campaign, but has said he will continue to post through the @realDonaldTrump account, even after taking office. He or his staff have posted from an iPhone in the past.
While it is possible to lock down an Android phone -- by enabling full-disk encryption, using secure services, disabling riskier features, or even writing a customized version of Android -- an iPhone is often a simpler option. Full-disk encryption is on by default in iOS 8 and later, and any device with a Touch ID sensor also has a Secure Enclave, making even physical hacking difficult without a warrant.
iOS also doesn't allow native filesystem access, restricting what the software is capable of, but also safely sandboxing apps.
As of this writing, Trump's inauguration ceremony is currently ongoing. Read how to watch the event live on an iOS device or Apple TV.
Trump turned in his previous phone after arriving in Washington, D.C. on Thursday in preparation for Friday's inauguration, the Associated Press said. He was under pressure from security agencies to do so, given the potential threats posed by hackers gaining access.
While Trump's new device is unknown, it could be an iPhone if he follows in the steps of his predecessor. Barack Obama was the first U.S. president to carry a cellphone, initially starting with a modified BlackBerry, later migrating to an iPhone.
Obama's iPhone had its own restrictions, such as a limited number of people he could exchange email with. One benefit, though, is that it was the only device with access to the @POTUS Twitter account.
Trump was infamous for his Twitter posts during his election campaign, but has said he will continue to post through the @realDonaldTrump account, even after taking office. He or his staff have posted from an iPhone in the past.
While it is possible to lock down an Android phone -- by enabling full-disk encryption, using secure services, disabling riskier features, or even writing a customized version of Android -- an iPhone is often a simpler option. Full-disk encryption is on by default in iOS 8 and later, and any device with a Touch ID sensor also has a Secure Enclave, making even physical hacking difficult without a warrant.
iOS also doesn't allow native filesystem access, restricting what the software is capable of, but also safely sandboxing apps.
As of this writing, Trump's inauguration ceremony is currently ongoing. Read how to watch the event live on an iOS device or Apple TV.
Comments
http://fortune.com/2016/06/10/president-obamas-new-smartphone-is-more-like-a-toddler-phone/
"After seven years in the Oval Office, Obama was told to hand over is Blackberry in favour of an NSA-made "hardened" phone. The device, which speculation indicates could be a Samsung Galaxy S4, has biometric authentication, but it doesn't have a camera and is only allowed to download a certain number of restricted apps from the Defense Information Systems Agency's store.
When Obama was given a smartphone to replace his Blackberry at the beginning of this year he says the NSA told him, "Mr President for security reasons this is a great phone, state of the art, but it doesn't take pictures, you can't text, the phone doesn't work, you can't play your music on it".
"Does your three year old have one of those play phones? With the stickers on it? That's basically the phone I've got," Obama told Jimmy Fallon in June (2016)"
So the Pegasus exploit has been around since IOS7, yet we claim iPhone are so super secure. No, we don't know what other flaws exist in the OS to really make that claim.
Obviously we don't know any other flaws in iOS until they're discovered and so we must take things seriously. However, that doesn't draw any conclusions as to how secure iOS is relative to other OS's. There is much reason to believe that iOS is very secure. That is, unless someone wants to believe it's insecure because of one article about an exploit, in which case we are all capable of believing nearly anything.
Since Android devices have many different versions of the OS it makes it very hard to manage a device (or devices) since some may not support certain features.
Whether it's easier to break the MDM on Android is a different issue.
On Android I can lock up the Twitter app on my daughter's phone at will (which might be kinda a good thing on POTUS' phone too...).
On iOS not so much.
He'll probably just keep his iPhone. Would be ironic and funny.
https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html (984 exploits)
https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html (746 exploits)
These phones and their operating systems are very complex, so issues will arise. But there really isn't such a big difference between them in the grand scheme of things.
https://www.cvedetails.com/cve/CVE-2016-5131/
How's that for weird.
Also a lot of the CVE's state "in Apple iOS before 10..." so many of the CVEs were addressed on the vast majority of iOS devices in the wild.
So there is a huge difference in the number of vulnerabilities between iOS and android. Android has a lot more and a higher percentage still exists in phones being sold today with older versions of Android that don't contain the latest security fixes. Some cheap phones still ship with Lollipop and a couple flagships still ship with Marshmallow.
There was a good talk be Brian Martin (vulndb) and Steve Christey (from MITRE, the source of the CVE statistics) about vulnerability statistics talk at Blackhat a few years ago that I wasn't able to attend but short version is comparing iOS CVE counts to Android CVE counts is bogus.
CVE also isn't a complete set. For example OSVDB was tracking nearly 40,000 vulnerabilities that did not have CVE assignments before the maintainers pulled the plug on OSVDB.