Trump reportedly uses unsecured phone lines. Cybersecurity experts explain why those are 'so easy to hack it's scary.'

aholmes@businessinsider.com (Aaron Holmes)
Trump on phone

White House

  • A recent Washington Post report cited US officials as saying President Donald Trump had often used unsecured phones — rather than encrypted phone services meant for top government officials.
  • Business Insider spoke with cybersecurity experts about how hackers could gain access to phone conversations on unsecured devices.
  • Unsecured phones are an easy target for hackers, according to the experts, who said they were "so easy to hack it's scary."
  • Visit Business Insider's homepage for more stories.

President Donald Trump made Hillary Clinton's use of a private email server a hallmark of his 2016 campaign, but the president now regularly conducts phone calls using unsecured devices, according to a new report from The Washington Post.

Top government officials typically use encrypted phone services to protect calls or texts from being intercepted by hackers, but several officials told The Post that Trump routinely used unsecured phones.

To put that in context, Business Insider spoke with cybersecurity experts about the risks associated with unsecured phones.

Alex Heid, the chief research officer of SecurityScorecard, said that unencrypted phone services were exceptionally easy to hack.

"In some cases, it's as simple as walking into a cellphone tower, plugging in a laptop, and downloading everything," Heid said. "It's generally so easy to hack it's scary."

Kiersten Todt, the managing director of the Cyber Readiness Institute who previously served as a cybersecurity adviser to the Obama administration, said gaining access to unsecured phone activity was well within the capabilities of sophisticated hackers.

"With enough time and focus, which we know that many malicious actors have, it's certainly doable," Todt said.

Here's a breakdown of how hackers can gain access to unsecured phone activity and how encryption can protect against hacks, according to experts.

Encrypted phones have been the standard for top-ranking government officials dating back to World War II, when extensive technology was employed to protect against wiretapping.

SIGSALY

National Security AgencyPhone encryption became much less expensive with the advent of the internet. Most encrypted phone lines now use software called "voice over internet protocol" to shield against spying.

cell phone

Nam Y. Huh/APMost standard phone services, however, including calls and texts, are "basically wide open," according to Heid, who said, "It's unencrypted data stream that's broadcast over the airways."

phone

Scott Morgan/Reuters"Hackers are constantly hacking telecom carriers," Heid said. "In some cases, it's as simple as walking into a cellphone tower, plugging in a laptop, and downloading everything."

Cell tower worker

Justin Sullivan/Getty ImagesThere are now a range of smartphone apps that provide encrypted calls and messaging services, including Signal, Wickr, and WhatsApp. The latter is used intermittently by White House officials, according to The Washington Post.

WhatsApp hack

ReutersConvenience is the primary reason people opt to use unsecured rather than encrypted phone services. "There's always that trade-off between encryption and ease of use," Heid said.

phone call Donald Trump

Mark Wilson/Getty ImagesThere have been several instances of targeted phone hacking in the past year alone. One tactic, known as SIM swapping, involves fraudulently persuading a mobile carrier to transfer control of a phone number to a hacker's device.

samsung galaxy nexus sim card

Steve Kovach, Business Insider

Read more about SIM swapping here.

"Mobile security is something that the government is still struggling to prioritize," Todt said. "Given the use of smartphones across business and government use, we've got to figure it out."

white house

AP Photo/Jacquelyn Martin

Got a tip? Contact Aaron Holmes at (706) 347-1880 or at aholmes@businessinsider.com. Open DMs on Twitter at @aaronpholmesYou can also contact Business Insider securely via SecureDrop.

Read the original article on Business Insider