The Trump Administration's Cyber Hubris

Trump uses an insecure Android phone and his press secretary tweets passwords. What could possibly go wrong?

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Will be used in accordance with our Privacy Policy
The Trump Administration's Cyber Hubris
Image credit: via PC Mag
Lead Mobile Analyst
4 min read
This story originally appeared on PCMag

Cyber security helped elect Donald Trump. During the presidential campaign, hackers cracked open all of the Democrats' secrets and splayed them out for everyone to see, while Hillary Clinton was raked over the coals for using an insecure server for her own personal email. Republicans' communications, meanwhile, stayed out of the public eye.

But success can breed hubris, and there are some worrying trends in the first few days of the Trump administration. Nobody hacked Trump, but he's acting like nobody can.

Why nobody should use a Galaxy S3

According to The New York Times, President Trump is still using his old Android phone to tweet. According to Android Central, that may be a Samsung Galaxy S3.

The S3 is susceptible to the worst Android bug ever discovered, Stagefright. Cured in Android 5.1.1, Stagefright lets hackers gain full access to your phone with some specially crafted MMS messages. There haven't been a ton of confirmed Stagefright-related hackings in the U.S., but most of us aren't as high value a target as the President of the United States. The Galaxy S3 never got an upgrade beyond Android 4.3. It's horrendously insecure.

Of course, just because he's using a Galaxy S3 for tweeting doesn't mean he's accessing classified data on it. But arbitrary code vulnerabilities like Stagefright can, for example, turn on a phone's microphone to use it as a spy device, even if the phone has no access to anything more sensitive than a public Twitter account.

About those email accounts

According to Wired and Newsweek, influential White House staffers including Sean Spicer and Jared Kushner maintain email accounts on RNC servers; and, for a while, the official POTUS Twitter account pointed back to a Gmail account. Also, Spicer appears to have randomly tweeted things that looked like passwords.

Keeping email on non-government servers can be a good way to keep it out of the public eye, as long as your servers are secure. (Remember all of those deleted Hillary Clinton emails?) Of course, those servers often aren't secure. (Remember all of those Wikileaked DNC emails?)

In any case, it's not a good idea for government officials to outsource their information security to consumer email providers. While Trump famously doesn't use email -- rendering him as secure as possible -- staffers could still be sending around messages with information they'd prefer not make it into the hands of foreign governments.

The good news is that the staff seem to be adapting. Just today, the password reset address for the POTUS Twitter account shifted from Gmail to a White House address. Hopefully, that's a sign of how things are getting cleaned up behind the scenes.

But the tweeted passwords show another vulnerability: it doesn't look like a lot of the White House's communications are being edited or double checked before they go out.

Does Trump need to worry?

Trump's operation has been blessed in the information security realm. Even when the RNC was hacked, the information wasn't released in a way that could damage the organization. So it would make sense that the President feels his operation is impregnable.

The question is when, and if, competent opposing forces will attack the White House in a cyber-spying assault. Those could be a foreign government, such as China, trying to secretly collect data to predict and anticipate Trump's moves, or vigilante hackers trying to embarrass the administration by releasing play-by-plays of how the policy sausage is made.

We haven't seen that happen yet but, come on, it's only been a week. Trump personally may not care much for the nuts and bolts of cyber security, but his staff needs to put their feet down, and keep locking down their electronic hygeine. The fate of the world is actually at stake.

More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Entrepreneur Store scours the web for the newest software, gadgets & web services. Explore our giveaways, bundles, "Pay What You Want" deals & more.

Latest on Entrepreneur

Entrepreneur Media, Inc. values your privacy. In order to understand how people use our site generally, and to create more valuable experiences for you, we may collect data about your use of this site (both directly and through our partners). By continuing to use this site, you are agreeing to the use of that data. For more information on our data policies, please visit our Privacy Policy.