Good morning, Vittles. Yesterday we learned that POTUS has been tweeting from – and is still using – an unsecured Galaxy S3 phone, a device that might be more than four years old, and running (gulp) Android. (PS- how much do you think the big guy patches?) This according to Android Central. We know this is a true security problem because German Chancellor Angela Merkel’s phone, which she used for party business, was infamously pwned by multiple intelligence agencies, including our home team. (USA! USA! USA!!)
As the excellent folks over at The Register point out this must be somewhat awkward given a certain candidate’s relentless attacks on HRC’s use of a personal email server during the time she served as Secretary of State. Not to mention DT’s “no no no no no no no ok it was the Russians” position on the hack of DNC servers, stolen information from which was later used in an apparently successful attempt to sway the 2016 presidential election.
Now, POTUS has already been issued a different, secure smartphone by our friends at Ft. Meade. But apparently he’s not using it yet. Or perhaps his old Galaxy S3 is just his favorite tweeting phone. Regardless, the risk is (truly) yuuuuuuuuuuge. Somebody (perhaps his daughter Ivanka) needs to walk up to daddy and slap that piece of radioactive pwnage out of his hands RIGHT NOW.
If we’ve learned anything in the past twelve months, please let it be that we’ve learned to trust our assumptions LESS. We all in the cyber community (I know, I hate that word too) need to be a lot more vigilant about the true state of things – and that goes for the effectiveness of our security stack, too. If we haven’t measured it, we just don’t know. Strongly held beliefs and convenient alternative facts are a piss-poor defense against Tarh Andishan, the Syrian Electronic Army, the Chinese, and our competitors. It’s time to Instrument Security.