How to secure a smartphone for the tweeter-in-chief

 

Connecting state and local government leaders

Beyond ensuring overall network security, government cybersecurity specialists have several ways of locking down a smartphone.

This article first appeared on The Conversation.

The Conversation

As President Donald Trump takes office, he has also taken up a new, digital symbol of the presidency. Before, during and since the campaign, he used an Android smartphone to conduct his business and tweet prolifically, directly reaching millions of followers. But when he was inaugurated, Trump surrendered that device and accepted in its place a smartphone that has somehow been made more secure.

It is a key move for a man who might now be not only the 45th commander-in-chief but also America’s first president with such devotion to Twitter. Many private companies deal with issues like this, in which employees joining the ranks already have a mobile phone they use for their personal life. Should that device be connected to company systems? Or should workers be issued a cumbersome second phone for work-only purposes? There are federal recommendations about that, but few firms are handling data as sensitive as the president’s phone might be.

A presidential smartphone is probably the most attractive target imaginable for foreign governments’ hackers. Attacking the phone could provide access to the highest secrets of national security, and near-constant real-time information about exactly where the president is, raising the potential for physical threats. Securing a phone like that requires several layers of protection.

Exactly what has been done to protect the president’s phone is intentionally left unclear to the public. But as a scholar of mobile security, I know that beyond overall network security measures, there are several technological approaches to securing a smartphone for special use. The most secure, however, is also among the least practical and least likely: ensuring the phone cannot connect to the internet at all. So how might have government cybersecurity specialists locked down Trump’s new phone?

Hiding key information

One level of protection is what is called “security by obscurity.” Many people presumably had Trump’s pre-presidential phone number. Now, relatively few people will have his new number. Similarly, his old phone’s internal device identifiers, such as its unique 15-digit International Mobile Equipment Identity number, or IMEI, may not have been as carefully guarded as those for his new phone. Keeping that information secret means the first hurdle for potential attackers involves figuring out which phone to attack in the first place.

Another layer of security involves ensuring the device was made by a trusted manufacturer, using trusted components, reducing the risk that the hardware would have any vulnerabilities that an attacker could exploit. Similarly, anyone who worked with or handled the phone at any step would have to be prevented from tampering with it to introduce any weaknesses.

Adding even more security in the physical device itself would be a specialized computer chip to add significant encryption capability for data stored on the phone or transmitted to or from it. Called a “Trusted Platform Module,” this hardware element is required by the Defense Department in all new devices handling military information. In addition, it could be used to ensure that any attempts to tamper with the phone, its settings or the operating system installed would be identified immediately.

Custom configuration

The phone also might be configured to connect only with certain predetermined phone and data networks that are regularly screened against intrusions. Limiting its contact with the internet would, of course, be key -- though that would also significantly limit the phone’s usefulness to a president whose routine involves constant connection.

To handle that middle ground -- finding a compromise between a full, unrestricted internet connection and a completely disconnected device -- Trump’s phone likely has some degree of customization. This could include a custom operating system, such as the Android variants the Department of Defense has developed. These would contain security features not typically found in commercial systems, such as special restrictions on logging in and unlocking the phone, as well as specialized encryption settings.

A more limited app store

The apps allowed on the president’s phone should be few and limited only to those verified in advance. There should be little, if any, ability to automatically download and install apps, which could carry with them security-breaching code. For similar reasons, automatic updates to apps or the operating system might be restricted.

What happens inside a phone’s processor and memory when it’s running an app is already fairly secure even on commercial smartphones. Parts of the memory storing data and other parts handling the software instructions for working with those data are typically separated and identified. For smartphones such as those used by the president, this memory tagging should be done in hardware. This can prevent a number of different types of attacks that try to trick the device into running software code from areas of memory set aside to handle data.

Also important is determining which data an app can use. Most operating systems allow users to make that decision. To improve security even more, the phone could be programmed with mandatory limits provided by, say, the Secret Service. To some degree, this ability is present on many smartphones, preventing users or attackers from corrupting key elements of the system.

But it could be stepped up -- even enforcing that a particular file could be shared only with people or apps holding a certain level of security clearance and having the system prevent sharing it elsewhere. For example, even if the president inadvertently told the Twitter app (if it’s installed on his phone) to share a piece of classified information, the phone’s software could step in and prevent that from happening.

Additional steps

Separately encrypting the memory spaces used by each app can boost security further. That would ensure that even if a malicious app makes its way onto the phone, it cannot see what other apps are doing nor read the data they are working with.

Academic researchers have developed other ways that could be incorporated into a more secure presidential smartphone. The concept of “data tagging” can ensure that data that have been accessed by a certain app are accessed only in restricted ways. For example, the phone could be instructed that information that has passed through the White House’s secure wireless networks should not be accessible to the Twitter app.

Additionally, context-dependent settings could monitor the phone’s location and take note of surrounding devices. Perhaps the phone’s microphone and camera could be shut off, and any active Twitter link disconnected, if the phone itself is in the Oval Office, and whenever the president is meeting with members of his national security team.

How exactly the president’s phone is protected is vitally important to our national security. Trump’s agreement to stop using his previous, commercial-grade phone in favor of a government-secured one is a good step toward keeping the president informed and engaged while he and the nation also stay safe.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.