There is reason to be cautious, whether you are in India, or in the US—Modi or Trump
By Sujit Bhar
Eric Geller, an American cyber security reporter, reiterates in Politico that the Android phone that US President Donald Trump uses could be a cyber security threat for the White House and even for those inside the administration. Trump has been given a super secure, encrypted phone by his security aides and Geller quotes a New York Times report which said Trump keeps using “his old, unsecured Android phone, to the protests of some of his aides”.
He lays out two troubling issues. First, Trump reportedly uses a 2012 Samsung Galaxy S3, that “no longer receives software updates from their manufacturers or wireless carriers”. Which, in turn, means that it is open to security threats. Secondly, he points out that while Google’s Android technology offers many more options to the user than an Apple iPhone does, it is hardly secure. The Apple encryption, on the other hand, is so secure that even the FBI has reported that it can’t break through.
So what are the problems? Geller talks about a research that found “one of the most dangerous Android vulnerabilities, the so-called Stagefright bug, which lets hackers take control of a phone using only a text message.”
Now that is scary. Geller talked to Matthew Green, a computer science professor at Johns Hopkins University, who said: “It’s just crazy that the president is interacting with such an out-of-date and likely insecure device.” This was echoed by Bruce Schneier a leading cyber security expert, who told Politico: “His (Trump’s) off-the-shelf Android could potentially become a room bug without his knowledge. An attacker could certainly hijack his apps.”
The question is whether Trump uses this phone to discuss state secrets, in which case somebody can easily snoop. If he texts from this phone, it possible that somebody (outside the administration) can read it. And since Trump is a Twitter-bug, a quick entry point is provided to the hackers through this.
This was made evident in India through hackers who call themselves ‘Legion’; they had hacked into the email databases of some top journalists. That would be chicken feed if top hackers of the world manage to plant a Trojan-type bug into Trump’s phone and then start listening.
Technically, Trump’s using his personal Andriod phone for official purposes would be akin to Hillary Clinton using her personal email to transfer important state documents; an issue Trump has never stopped harping on.
Okay, there is this knowledge that Trump actually is less of a cyber guy and uses paper from a small notepad to scribble instructions. That, though, remains in the realm of uncertainty.
What this has done is that it has enlightened the pubic on the risks of existing in an insecure cyber atmosphere. India has taken this seriously too. Indian Prime Minister Narendra Modi has been seen with a number of phones, and there is curiosity as to which brand his phone actually is. But he has also been seen with an iPhone, and this probably is because of its security features.
It is possible to secure an Android phone to only that extent. The intrinsic security structure of an iPhone has been upgraded to a very high level. So Modi, who is also a bit of a Twitter-bug will be secure while doing so.
India is trying to get its act together as far as cyber security is concerned.
According to the site SecurityIntelligence there is major work on to bring India on a par with international security standards. India is set to introduce freshly minted encryption and privacy policies and will move to amend the existing laws that mostly fail to address international systems, and link with international law-enforcers.
To start with, Indian has appointed a Chief Information Security Officer (CISO). At this point there is no national agency that can assess India’s cyber security threats and weave responses. This is in the discussion stage, but things are moving fast. However, top level officers and the Prime Minister cannot wait for a system to be in place before securing national secrets and himself.
During Modi’s trip to the US in the Barack Obama regime, he had talks with the Americans regarding US-India Cyber Relationship Framework which will lead to legal frameworks as well as proper mechanisms for implementation. This has not, yet, translated into a treaty.
India has cyber security deals with Malaysia and the European Union and more countries would soon come into this ambit.
India is in a position to secure top government offices with alacrity, because India can afford to leapfrog the preliminary stages of development of a security system and directly adopt one that has worked so far.
This is also relevant to commerce and industry. A report, “2016 Cost of Data Breach Study: India” said such cost increased 9.5 percent for each Indian company, with 41 percent of all Indian companies experiencing such data breach. This could be disastrous in the software and the pharmaceutical industries, which are India’s Intellectual Property strengths at this point of time.
Maybe Modi understands the threats a little more than Trump. There is reason to be cautious, whether you are in India, or in the US. Every level of citizenry is under a threat perception, probably for the first time in history.