Hacker News new | past | comments | ask | show | jobs | submit login
When Trump Phones Friends, the Chinese and the Russians Listen and Learn (nytimes.com)
104 points by petethomas 11 months ago | hide | past | web | favorite | 88 comments

Why don't they have a mobile cell access point (like a Stingray) that they carry around with the president, for his off the shelf iPhone to connect to? And this access point would connect securely to a NSA proxy or whatever.

Or is the problem further down the line, do the Chinese intercept the international carrier links between USA and Germany let's say?

Given the money the US military has (equal to 50% of the entire Russian economy), you'd sure think they could afford to throw whatever was necessary at improving security for Trump's iPhone situation. I suspect the point of an article like this, which is an off the record leak of internal information that wasn't authorized, is to get Trump to abandon the iPhone period. I don't think these insiders want to bother with trying to increase the security for how things are now (they may view it as very impractical), they're seeking to embarrass Trump into changing behavior (good luck).

Or why not use a VOIP like protocol with end to end encryption like WhatsApp or telegram ?

Because that requires buy-in by the person you want to call. And Mr. Trump wants to call whomever he wants, whenever he wants; he's not going to wait for his staff to arrange for the other person to install WhatsApp.

I wonder why Apple doesn't encrypt calls between iPhones. And subsequently work on an open encryption standard with Google et al.

It's strange that Facetime and Messages and Whatsapp and others are end-to-end encrypted, but voice is not.

Facetime Audio is encrypted, just use that.

Or Signal calling

Lack of support, the government is against popularization of encryption, and who would hold the keys?

End to end encryption would not prevent malware from having access to your microphone.

Nothing can save you if you install malware on your device.

But end to end encryption would be good for everyone -- not just world leaders.

Presumably you would not have malware on your phone on iOS, or at least, that's the goal.

It would be interesting if phone calls ended up becoming end-to-end encrypted because of something like this.

I think that it is more likely that the president and certain other VIPs would get end-to-end encryption. Remember, law enforcement agencies still paint the picture that only drug dealers, terrorists, and other criminals need end-to-end encryption.

You can do this with certain applications over a data connection, e.g., Signal, Wire, and others.

Do we know how the calls are being intercepted?

There are other articles talking about how many stingray devices there are in Washington DC owned by foreign governments.

One would think that the President's team would travel with a known-good pico-cell device and let his phone only connect to that. Or force wi-fi calling and only let the phone connect to the wi-fi network they bring along everywhere.

This doesn't prevent the other end from being surveilled, if indeed the signal is being intercepted. Similarly, keeping his phone malware free doesn't solve the problem of his friends' phones getting compromised. So without both ends on a secure line there is no real good way to secure things. Those listening in, as suggested by the paper, do not necessarily need to intercept every call. Sure they would love to listen in on every call, but it is not necessary if they just want to get a better model of how he thinks.

There is a huge amount of unwarranted assumptions and misplaced trust in the President* to follow the advice of his team in this thread. He has made it very clear that he thinks he is the smartest person in the world and doesn't need to listen to experts.

I don't think anyone can follow him with a known-good device and let him connect to that. The article describes his short-temper and complete unwillingness to sacrifice even a few minutes to take care of security issues.

> Or force wi-fi calling and only let the phone connect to the wi-fi network they bring along everywhere.

You cannot force this President* to do anything that he thinks inconveniences him. You can't "force WiFi calling" without being fired or at least being afraid of it.

The solution here is not a technology fix for the phone of this President. The fix is a new Congress that cares about national security and a new President that cares about national security.


> One would think that the President's team would...

No, one really wouldn't. The President's team is not concerned with actually fixing this problem. They have made it clear that national security concerns come second to the whims and desires of the President*.

Nothing in the schemes I suggest takes the President any time. You outfit his environment with picocells & secure wi-fi networks, set up his phone to prefer to connect to those, and you're done at least for preventing Stingray attacks.

I think a more compelling answer would be "You'd think that the government's IT people would have found a way for Hillary Clinton to have an easy-to-use yet secure email server and yet they stonewalled her to the point that she had her own server set up at home."

Wish I could read a good answer to this one.


Could you please not post unsubstantive comments to Hacker News?

Hmm...why don't they force Wifi calling? Should be more secure than GSM, no?

Does the white house have wifi? Serious question.

Yes it does, Obama directly addresses the topic in this interview: https://www.cbsnews.com/video/president-barack-obama-and-mrs...

> King asked, "Is the water pressure good? Is there Wi-Fi? Does the toilet run in the Lincoln bedroom."

> "You know that whole tech thing, we've been trying to get that straight for the next group of folks," President Obama replied. "This is an old building so there's a lot of dead spots where the WiFi doesn't work...no, actually it's an issue."

I don't think the technology of choice here is the problem. It's that the President doesn't care if he is compromised, but that he sold the nation on how unsafe Hillary would be with communications.

Pick any tech you like for the President's* phone calls, foreign governments will still listen because he simply doesn't care.

Edit: Also, why was Russia, the country that is actively attacking the US and has been for years, removed from the headline? Seems the most important part. (and don't tell me it doesn't fit, there's plenty of room).

This article mentions that restoring an iphone from backup also risks transferring any malware.

What would be the way to restore an iphone: would restore data from icloud also risk malware infection if the phone had it? (E.g. syncing calendars, imessages, health data, etc, all of which can use icloud sync)

Referring to regular iphones here, not the president's custom phone

For backed up data to carry a piece of malware, they'd have to exploit a zero-day bug in iOS or in the associated app. That's possible in theory, but those have been rare, and once iOS or the app gets fixed, the exploit in the data is neutralized.

Looking at a list of known iOS malware [1] I don't offhand see any tools that manage to install themselves through exploits in non-jailbroken iOS or exploits normal App Store apps.

The closest thing I saw was an injection of malware into a pirated version of the Xcode developer tools, causing all apps compiled with that version to be infected. Those apps were then spread through a third-party app store--so again only loaded onto jailbroken iPhones.

Perhaps the scariest thing is something like Wirelurker[2] that spreads over USB connections and can spread from iPhones to Macs and back to other iPhones. People don't plug into other Macs very much, but if this were modified to affect CarPlay, it could spread from iPhone to rental car to iPhone, to iPhone, to iPhone...

[1] https://www.theiphonewiki.com/wiki/Malware_for_iOS

[2] http://time.com/3560875/iphone-malware-wirelurker/

Great summary, thanks! So basically, exploits are possible on extremely high value targets like the president, but apart from that there are basically no malware worried for updated, non-jailbroken iphones.

I'd been curious about this since reading about NSO Pegasus and their SMS method. Is this likely in the "zero day, high value target category"?

I've never properly seen an explanation of how it's supposed to work.


Pegasus is listed in that exploit wiki link I posted above and they link to some technical documents about it.

Oh thanks, so they’re all patched and it only works against older iphones/non-updated iphones.

> what arguments tend to sway him and to whom he is inclined to listen — to keep a trade war with the United States from escalating further.

So, maybe it's a good thing he's using his iPhone.

How difficult would it be to develop something like an iPhone One for the president and other high officials?

> His Twitter phone can connect to the internet only over a Wi-Fi connection

There was a lot of criticism regarding him using Twitter with regards to computer safety. I would think that the CIA or Secret Service approaches Twitter in such a case and tries to work out a custom solution to make extra sure the account isn't vulnerable to tampering. Like 2FA where he gets the pins from an assistant or something like that.

German government has/had iPhone Ones. Didn't stop allies from eavesdropping.

>Officials said the president has two official iPhones that have been altered by the National Security Agency to limit their capabilities — and vulnerabilities — and a third personal phone that is no different from hundreds of millions of iPhones in use around the world. Mr. Trump keeps the personal phone, White House officials said, because unlike his other two phones, he can store his contacts in it.

If this is truly the root cause of the issue, it should be relatively simple to rectify.

ETA: aside from the obvious solution of getting his contacts on the secure phones, is there any reason he couldn't use a satellite phone to bypass insecure cell networks altogether?

It wouldn't matter. The weakest link in any chain is the one that will be attacked. They'll simply listen in on the other end (the friend's phone), since the calls themselves are not encrypted and it is unlikely that the government is going to pay for all of his friends to have secure phones/lines. This has likely been the case with all calls to all friends of all Presidents for many decades.

Do we actually trust the NSA to be better at security than Apple, especially if that "better security" comes in the form of "modifying the phone," whatever that means?

Maybe they just set up a VPN or custom cell information on it? Can you do that on iPhone?

"Modifying the phone" likely means stuff like physically disabling the camera.

> If this is truly the root cause of the issue, it should be relatively simple to rectify.

I think it's pretty clear, with the most charitable possible reading of this article and your comment, that the root cause is not an issue with contacts on his phone.

The root cause is quite clearly a complete lack of respect that Trump has for the American people: He does. not. care. about the country's security or anybody in it.

The root cause isn't some stupid argument about contacts in his phone. The root causes are arrogance [1], hate towards American people [2], and corrupted power [3]. I'll cite these.

[1] He says he is the smartest person in the world and does not need to confer with experts about anything. Why would he need a secure phone then?

[2] He has directly insulted American citizens who care about the national security risks he poses. He uses terrorist-like language to describe Americans. He doesn't care about his phone being hacked.

[3] He acts like he thinks he is King. He acts like there are no rules for him, and the Republican Congress makes that fact true - for now.

This has nothing to do with technology and the solution doesn't have anything to do with technology either.

If you are wondering if other countries are intercepting calls by hacking the carriers, the article seems to mainly point the finger at malware. It said the protocol is to replace the phones with no backups every month or so.

"Mr. Trump is supposed to swap out his two official phones every 30 days for new ones but rarely does, bristling at the inconvenience. White House staff members are supposed to set up the new phones exactly like the old ones, but the new iPhones cannot be restored from backups of his old phones because doing so would transfer over any malware."

> the article seems to mainly point the finger at malware

Actually the article says:

> "But the calls made from the phones are intercepted as they travel through the cell towers, cables and switches that make up national and international cellphone networks. Calls made from any cellphone — iPhone, Android, an old-school Samsung flip phone — are vulnerable."

That is a good point. The paper didn't make it as black and white as I read. However in my mind intercepting calls without police power (thus carrier cooperation) is much harder to achieve.

The intelligence services are really clever in getting the information they need. Often, just like with other forms of security holes, they just need to be clever exactly once, and that might lead to months or years of intelligence.

I also think of intelligence agencies are a little like magicians in how readily they will exploit someone's trust in reality.

Right. Considering that calls can be intercepted at either end, just securing his end does not preclude the call from getting compromised on the other end. Maybe that is why the security people are not pushing back that hard, since it is fairly hopeless to limit him to only speaking over secured lines. Sure it is easy for him to access a secured line, but not the friends he wants to talk to.

> Maybe that is why the security people are not pushing back that hard

And I quote:

"Mr. Trump’s use of his iPhones was detailed by several current and former officials, who spoke on the condition of anonymity so they could discuss classified intelligence and sensitive security arrangements. The officials said they were doing so not to undermine Mr. Trump, but out of frustration with what they considered the president’s casual approach to electronic security."

They have those guys taping together all of Trump's ripped up papers, surely they can get someone to essentially do manual data entry from one phone to the other?

Makes it clear that this is not a technology problem, like most of the commenters here are assuming. There is no technology fix for a President* who actively tries to get foreign countries to destabilize our democratic elections. If they don't hack his phone, he'll go on TV and ask Russia to start the hack already. Just like he did before.

Similarly to how agreed-upon overflights increase security (as your opponent knows you're not preparing an attack and/or are keeping to treaty obligations) one could consider this a good thing.

Of course China is not currently a military threat to the US, at least at the level deserving attention of a US president (e.g. random encounters in the Spratleys are jostling, not escalation).

I certainly don't think this is a responsible practice but it's interesting to consider it in a game theoretic context.

Overflights check on what countries are physically doing. Stepping up that concept, trust but verify, to include policy changes is a big leap. Overflights do not provide a chance to directly alter behavior in the way that diagramming a president's cellpohone patterns can. This isn't verification. This is intelligence being used to alter policy. That isn't trust but verify, that's, examine, meddle and influence.

>Of course China is not currently a military threat to the US ...

I would disagree. China routinely threatens U.S. naval vessels which transit disputed regions of the South China Sea, and maintains a large battery of missiles pointed at Taiwan, an American diplomatic ally. They have also developed hypersonic anti-carrier missiles, and are rapidly expanding their blue-water navy.

I referred the jostling in the Spratleys in my comment and on their ability to project force in another comment down thread.

They are rapidly expanding a blue water navy from a tiny starting point (e.g. recently bringing online a Ukranian aircraft carrier (not a super carrier) doubled their carrier force) and have a few remote naval bases, but their strength, to the degree it exists, is locally strong and externally mainly soft power.

There is no question the US would abandon Taiwan the same as Macarthur pulled back to the southern half of Australia in WWII. Pragmatics argues this -- as pragmatics argue against China actually attacking Taiwan militarily any time in the next 30 years. E.g. bombing Hon Hai would degrade Chinese manufacturing unacceptably.

In surprised to hear someone say China is not a military threat to the United States. Can you expound on this?

For example, I believe China could easily organize and fund far more terrorist attacks than, say, bin laden ever did. Furthermore, their terrorist attacks could much more easily utilize nuclear material.

China has no interest in funding terrorist attacks against the U.S. or anyone else. They want to be a Great Power, not a rogue state.

Aside from nukes, which would draw an obvious and unstoppable reprisal from the U.S., China does not have the military capability to meaningfully threaten the U.S. They don't have the aircraft, ships, subs, landing craft, etc. And again, I don't know why they would want that.

They do have the means to threaten their regional neighbors, though, and some of them are U.S. allies. That's the WWIII threat: that Chinese regional aggression sucks the U.S. into a military confrontation on China's turf.

Interesting. I feel I could say the same of the USA vs China - any outright attack against China would draw a massive response, and I hardly believe the USA is capable of occupying China in any meaningful way.

Well, I'm not sure what you mean by "massive response" as China's nuclear capability is more for regional prurposes (i.e. India) though I do believe they have some ICBMs capable of reaching anywhere in north america. But their military resources are much smaller (e.g. they only have a couple of aircraft carriers and no supercarriers) and the PLA isn't really set up for projection of force at a distance.

I do agree to the extent that though the US would win any initial skirmish the long term viability of such an effort close to or on the Chinese mainland is probably not great.

Then again I can't come up with any reason the US would want to fight a war with China either (or vice versa), but who knows these days.

A physically violent and currently-attacking-us Russia, spying on the communications of the US President*, is _not_ a good thing. This is a very clear military threat.

China isn't a military threat, but Russia has proved that military power isn't necessary to sow chaos and destabilize the US. You don't even need military-grade hackers.

Russia has "destabilized" the US? That is hyperbole at best, unless you know something I don't. What exactly are you referring to? They seem to have destabilized the US media, in the sense that they can't publish enough stories about Russia. But have they actually achieved anything in any real way?


There are so many issues with your comment that I don't know where to begin, but I won't bother addressing all of them because it will just devolve into typical Hn-ness. I will address the more egregious misstatements you have made.

Russia actively attacks US election infrastructure

Running a few ads, with a small budget, or having some fake Twitter accounts post things that millions of others are already saying, in my view does not constitute an "attack on the US election infrastructure".

Our elections were hacked with...real physical hacks

That would be news indeed. Source?

People are dying in the streets from the actions taken by violent right-wing people who are directly encouraged by language from RT and from the President


constantly gather support to jail people who have committed no crimes

Source? Please name one person currently in jail in the US that has not been convicted of a crime and does not have a criminal case pending. Again, that would indeed be news.

> There are so many issues with your comment that I don't know where to begin, but I won't bother addressing all of them because it will just devolve into typical Hn-ness. But I will address the more egregious misstatements you have made.

There's no need to insult me to start with. Please abide by the HN guidelines and do not just start insulting people. Let's just talk about all this and get right to the content:

> Running a few ads, with a small budget, or having some fake Twitter accounts post things that millions of others are already saying, in my view does not constitute an "attack on the US election infrastructure".

I don't know what you're talking about. I'm talking about specifically hacking the voting infrastructure and removing voters from the voting rolls. You're going on about ads or something with a small budget (???) but I have no idea what you're talking about.

Here is a citation that Russia directly hacks the elections themselves: https://slate.com/technology/2018/07/russia-election-hacking...

> That would be news indeed. Source?

Oh yeah, that is the biggest news of the last two years. I picked a source and cited it.

> Source?

Well, Heather Heyer was murdered in this fashion.

> constantly gather support to jail people who have committed no crimes

Well Beto for one! Ted Cruz trying to drum up support to jail Beto O'Rourke last night was wild. Scary and sad :(

> You're going on about ads or something with a small budget (???) but I have no idea what you're talking about.

The amount of money Russia spent on Facebook ads.

> Well, Heather Heyer was murdered in this fashion.

That was tragic. Evil, even. But you said "People are dying in the streets from the actions taken by violent right-wing people", and when pressed for evidence, you cite the only instance that has happened in two years. But you claimed more than that. You claimed "people" (plural) "are" (present tense). You have dramatically overstated a real, horrible, but still one-off instance into a general trend.

> Well Beto for one! Ted Cruz trying to drum up support to jail Beto O'Rourke last night was wild. Scary and sad :(

Ted Cruz is trying to drum up support for getting re-elected, nothing more. (You've seen this before. Note that Hillary remains completely un-locked-up.) It's sad, all right, that Cruz would use this tactic. But Beto isn't going to jail, win or lose, unless he actually does something, no matter what Cruz says in a campaign situation.

Again, typical Hn-ness. Have a great afternoon!

This kind of political flamewar is the sort of thing we ban accounts for. Please don't do it here, at all.


Yes, your constant downplaying and total denial of the most important technology and political events of the century is very "HN like". Have a great afternoon.

If you go back to using HN for political flamewar, we're going to have to ban you again. Please do it somewhere else; not here, at all.

There's no need to insult me to start with.

I intended no insult, nor did I post one. I simply pointed out that there were glaring factual issues with your comment. I apologize if you misinterpreted what I said.

The problem is that American interests have extended beyond the limits of the American borders for too long - China exercising its rights to protect its own interests outside its borders is a response to that, which automatically triggers American hubris: "nobody, but the 'greatest nation on Earth', should have the right to say its interests extend beyond its borders" .. this is the point of American hegemony in the world. If America doesn't do it, someone else will - so eventually, America becomes the very threat it was resisting all along: a totalitarian state which uses its military might to usurp the interests of other nations, at any and all cost.

If he used Facetime audio calls, not only would the calls be clearer, no one could listen in.

I suspect that'd just get various intelligence agencies to bug his confidants' homes directly.

Clearer than HD Voice?

Just tap the people he calls on a regular basis.

Mods, can we get Russia added back to the headline? It has been removed and is causing confusion in the comments.

I assume it was the submitter's attempt to make the title less flamewar-prone, but that cause was clearly doomed, so sure.

It’s amazing that I know all this. Like that the president has multiple iphones, he likes to call multiple friends, that foreign governments listen in.

If this was Hillary the republicans would impeach her right away for endangering the country. They should do the same to Trump.

It is relatively trivial to identify the friends of a famous person, such as any sitting President of the United States. Since the government doesn't go around paying for secure lines for all friends of all Presidents, it seems likely that all calls from all Presidents to all of their friends throughout modern history were subject to eavesdropping. This isn't a "Trump is an idiot" issue, as the article strives so diligently to imply. All Presidents have had this issue when speaking to friends who don't have secure lines at government expense.

Well, it's more like "Trump is an idiot, and this is another attack vector the Chinese are using to influence him.". Previous presidents read daily intelligence reports and probably paid attention to the warnings about what they can talk about with their friends over insecure lines, but this guy "knows best".

IIRC Obama invited his high school friends a lot to hang in the White House, that's one way to avoid insecure phone networks.

> Mr. Trump’s aides have repeatedly warned him that his cellphone calls are not secure, and they have told him that Russian spies are routinely eavesdropping on the calls, as well. But aides say the voluble president, who has been pressured into using his secure White House landline more often these days, has still refused to give up his iPhones.

How is blatant disregard for communication security not an impeachable offense? This behavior is not only destructive for himself, but destructive for the nation. Does he have to send nuclear launch codes over SMS before he gets in any sort of trouble?

The president can declassify anything he wants to, merely by speaking it to someone else. He's the only person in or out of the government who can do this. So, not impeachable. Impeachable would be when the former Secretary of State did not exercise care when handling classified information. The relevant statute does not require intent - only lack of care.

It is interesting that all the push back by governments to keep phones from being secure has resulted in no phones being available that are secure - at least not any that people want to use.

>Impeachable would be when the former Secretary of State did not exercise care when handling classified information

Its remarkable that some people are still keeping up this charade, 3.5 years after it was revealed and 2 years after it was put to rest. C'mon, man. It's intellectual dishonesty.

Apparently we judge a former SoS by the rules of cricket and the President by the rules of Calvinball.

Charade? She sent and received classified emails:


Here's the relevant statute:


    (f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—
    Shall be fined under this title or imprisoned not more than ten years, or both.


> Even though the plain language of the statute reads “gross negligence,” the Supreme Court has essentially rewritten the statue to require intent to sustain a conviction.


Interesting. So does the president have a free ticket to declassify anything, even if it puts the nation at risk (e.g. during a time of war)? For example, if trump posted the location of a surprise invasion force on twitter, can the rest of the government just "lol, trump on twitter again" and move on?

The president is the commander in chief of the armed forces so pretty much anything the military does is under the presidents authority or by authority delegated down the chain of command from him/her. The president could personally lead troops into battle if he wanted to. I think the only president to have served as an actual general during their time as president was George Washington during the whiskey rebellion.

President Lincoln wasn't leading troops into battle, but he was (briefly) under fire in 1864, during Early's raid on Washington.

This is why we have impeachment and removal. "High crimes and misdemeanors" doesn't require breaking an actual criminal statute. See https://en.wikipedia.org/wiki/High_crimes_and_misdemeanors and my reply to tomohawk.

The conduct is still impeachable even if he can declassify, explicitly or impliedly. (And I agree he can disclose whatever he wants to whomever he wants. But I also believe the Secretary of State has similar powers, albeit more narrowly circumscribed. Note that both Hillary Clinton and her predecessor, Colin Powell, used private e-mail servers.)

The phrase "high crimes and misdemeanors" means the opposite of what people intuitively think. Elected officials entrusted with state powers are held (or were at the time of the founding deemed to be held) to higher ethical and moral standards than regular citizens. A "high crime" would be misbehavior by someone in a high office. See https://en.wikipedia.org/wiki/High_crimes_and_misdemeanors

Wantonly reckless behavior wrt to national security is, I would hope, indisputably impeachable. But in any event what's impeachable is entirely up to Congress as a practical matter--their decision is unreviewable except by the ballot box.

> How is blatant disregard for communication security not an impeachable offense?

Political apathy and cowardice.

> Does he have to send nuclear launch codes over SMS before he gets in any sort of trouble?

As long as Congress decides who gets impeached, even that might not knock him out.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact