NYT: Chinese and Russian spies routinely eavesdrop on Trump’s iPhone calls
Chinese and Russian spies routinely eavesdrop on personal phone calls President Trump makes on his iPhones, one of which is no different from the smartphone millions of other people use. The US president’s casual approach to electronic security has several current and former officials so frustrated they leaked the details to The New York Times, which reported on the phone interceptions Wednesday evening.
Trump, Wednesday’s article reported, has two official iPhones that have been altered by the National Security Agency to limit the types of hacks they’re susceptible to. The president has a third iPhone with no modifications that he uses as personal device, because unlike the official iPhones, he can store personal contacts on it. What’s more, while Trump is supposed to swap out his two official phones every 30 days for new ones, he rarely does. Trump did agree to give up his Android phone, which most security experts believe is more vulnerable than Apple’s iOS, and Trump has also agreed to the more cumbersome arrangement of having the two official iPhones. One is for Twitter and other apps, while the other handles calls.
Still, when Trump uses the cell phones to call friends, Chinese spies often listen in hopes of gaining insights about how to influence him on the long-simmering issue of trade. Russian spies also routinely eavesdrop on Trump’s calls, although the Russian spies don’t appear to be running as sophisticated an influence campaign as their Chinese counterparts. Aides have repeatedly warned the president that cell phone calls are especially susceptible to monitoring by adversaries. The aides have pressured him to use landlines instead, but he has refused to give up his devices.
How it’s done?
The NYT doesn’t describe the eavesdropping in much detail other than to say “the calls made from the phones are intercepted as they travel through cell towers, cables, and switches that make up national and international cell phone networks. Calls made from any cell phone—iPhone, Android, and old-school Samsung flip phone—are vulnerable.”
Based on that description, there are any number of ways spies could be listening in. The most likely method, former Facebook security chief Alex Stamos said on Twitter, is the passive decryption of the call as it passes from a phone to a carrier’s cell tower, often as it uses the Voice over LTE standard.
“The Russian and Chinese embassies are likely sucking up all GSM/LTE bands in the district,” Stamos wrote. “Modern iPhones would do most voice as VoLTE, meaning this would require a passive attack against handshake or KASUMI cipher. Seems most likely.”
The concern with this theory, as Stamos went on to note, is there currently are no known practical attacks that decrypt LTE calls. For this theory to be correct, governments must now be capable of covertly breaking a standard that hundreds of millions of people use every day to protect their most sensitive personal and business secrets.
4) Passive decryption.
The Russian and Chinese embassies are likely sucking up all GSM/LTE bands in the district. Modern iPhones would do most voice as VoLTE, meaning this would require a passive attack against handshake or KASUMI cipher. Seems most likely.
— Alex Stamos (@alexstamos) October 24, 2018
Stamos also held out the possibility that the reported eavesdropping on Trump is exploiting weaknesses in Signaling System No. 7, the four-decades-old networking protocol that allows cell phone users to connect seamlessly from network to network as they travel throughout the world. While technically possible, Stamos discounted SS7 as the likely eavesdropping method, because carriers would probably become aware if it was being used to monitor phone numbers assigned to the president. Stamos also discounted phone malware implants sneaked into the baseband and the use of stingrays to man-in-the-middle the calls.
Others have raised the possibility that the eavesdropping is being done by monitoring the connections of the people receiving the president’s calls. This is certainly possible, but it wouldn’t explain why aides are so frustrated over Trump’s continued use of cell phones and his resistance to using landlines.
Wednesday’s article contrasts Trump’s approach to cell phone security with his predecessor. During his second term as president, Barack Obama used an iPhone, but it couldn’t make calls and could receive email only from a special address given to a select group of staff members and close contacts. The iPhone had no camera or microphone and couldn’t be used to download apps at will. Texting wasn’t permitted because there was no way to collect and store messages as required by the Presidential Records Act. Often, when Obama needed a cell phone, he used one belonging to an aide.
Trump, on the other hand, has insisted on having a more capable devices. The president typically uses his mobile phones when he doesn’t want a call to be routed through the White House switchboard and logged for aides to see.