Since taking office, the President of the United States has been using a Samsung Galaxy S3 phone, in all likelihood, to launch his stock-bashing, media-trashing, international diplomacy-thrashing, 140 character-capped rockets into the incendiary depths of the Twitter-sphere.
The New York Times reported this week that, despite his wife Melania’s weekday absence, President Donald Trump “has the television — and his old, unsecured Android phone, to the protests of some of his aides — to keep him company.” Additional sleuthing by the mobile maniacs at Android Central, a blog devoted to the namesake Google operating system, narrowed the handset’s identity down to the type. The smoking gun? Photos recently shot by the German news outlets Bild.de and Die Welt at the boss’ former offices in Trump Tower unmistakably reveal the supposed device’s make and model.
The revelation has some Beltway watchers worried. “A Galaxy S3 does not meet the security requirements of the average teenager, let alone the purported leader of the free world,” observed Nicholas Weaver, a security expert at the non-profit International Computer Science Institute in Berkeley, California, in a post on the policy blog Lawfare. Hacking that gadget is “the type of project I would assign as homework for my advanced undergraduate classes,” he said. (Coincidentally, America’s adversaries have the same assignment—if they haven’t accomplished it already.)
As many commenters have noted, the standard Galaxy S3 last received a software update about two years ago, leaving the handset potentially vulnerable to spies and hackers. The phone might even be subject to compromise by Stagefright, an old Android mega-bug that attackers can exploit with a single booby-trapped multimedia message. Say what you will about the Democratic National Committee’s cybersecurity posture; if the commander-in-chief is indeed persisting with an eminently hijackable handset, that should raise serious alarms. It would be trivial, after all, to turn it into a spy agency’s location-tracker or voice-transmitter, as Bruce Schneier, a cryptography expert and tech chief at the IBM security subsidiary Resilient Systems, noted.
There is some controversy about the matter though. An earlier report in the Times claimed that the president had exchanged his beloved personal cell for a locked-down substitute. (Most likely, this refers to a government-modified Boeing Black phone, per a report in NextGov, a blog devoted to federal tech.) The latest finding calls that development into question, however.
In the more recent report by the Times, President Trump mentioned another set of horns as well. He lavished praise on the White House’s communications lines, calling them “the most beautiful phones I’ve ever used in my life.” Specifically, he referred to their built-in encryption and wiretapping protections. “The words just explode in the air,” he said.
Hear that, eavesdroppers? I sure hope not.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Yahooooo¡¡¡ The Securities and Exchange Commission is investigating whether Yahoo should—or could—have reported its years-old data breaches to investors sooner. To make matters worse, regulators are probing the possibility that the company covered up the compromises, a scenario that may invite criminal charges. While everyone questions whether Verizon will close its acquisition, Yahoo expects to seal the deal next quarter. (Reuters, Fortune, Fortune, Reuters)
Microsoft’s cyber billions. The software giant said it will invest $1 billion per year in cybersecurity research and development, excluding acquisitions. Over the past couple of years, Microsoft purchased three Israeli cyber startups for undisclosed sums—Aorato, Adallom, and Secure Islands—and has invested in just as many. News of the R&D commitment came at a security-themed conference Microsoft held in Israel this month. (Reuters)
Spy purge? Russia has been arresting security service officers allegedly accused of being U.S. spies related to election hacking. The roundup began at the end of last year when authorities cuffed Ruslan Stoyanov, a manager at Russia’s flagship cybersecurity firm, Kaspersky Labs. Stoyanov’s department apparently worked closely with the state’s Federal Security Service, descendant of the Soviet-era KGB. (Reuters, Daily Beast)
Cisco’s WebEx has a dangerous, gaping hole. A Google security researcher found a critical vulnerability in browser extensions for the networking giant’s popular web conferencing software. The bug easily allows hackers to take control of up to 20 million users’ machines. Cisco issued quick fixes and is working to find a more permanent solution to the problem. (Ars Technica, ZDNet, Sophos)
Facebook’s #major🔑🔑🔑. The social network has added an optional extra layer of security for people logging into the site: hardware security keys. The tools help prevent attackers from hijacking people’s accounts with stolen passwords. Google originally developed the technology behind the keys. (Fortune)
In other news, space fashion recalls blue Daft Punk robots.
Fortune’s Jeff John Roberts recounts, with a soupçon of PTSD, that time digital goblins poured sulfuric acid on his Twitter feed. Some hope: a Google-born shop has a plan to beat back the online ogres.
Have you ever been attacked by trolls on social media? I have. In December a mocking tweet from white supremacist David Duke led his supporters to turn my Twitter account into an unholy sewer of Nazi ravings and disturbing personal abuse. It went on for days. But a new strategy promises to tame the trolls and reinvigorate civil discussion on the Internet. Hatched by Jigsaw, an in-house think tank at Google’s parent company, Alphabet, the tool relies on artificial intelligence and could solve the once-impossible task of vetting floods of online comments. Read more on Fortune.com.
J-Law Hacker Gets 9 Months in Jail, by Don Reisinger
Dropbox Didn’t Actually Delete Your ‘Deleted’ Files, by Robert Hackett
5 Best Practices for Keeping Your Business Safe From Hackers, by Entrepreneur’s Felix Tarcomnicu
North Korean Defector Predicts ‘Popular Uprising’ Against Kim Jong-Un, by David Z. Morris
ONE MORE THING
Here’s why Bitcoin made a comeback in 2016. World events help explain the resurgence of the digital currency last year. See the below annotated price chart, which you can also view in the latest issue of Fortune magazine.