If Trump hates leaks, he needs to give up his phone
February 19, 2017 | John Naughton, The Guardian
Press
“Without exaggerating,” writes Nicholas Weaver, a computer security expert at the International Computer Science Institute in Berkeley, “hacking a Galaxy S3 or S4 is the type of project I would assign as homework for my advanced undergraduate classes."
Hacking the President’s Phone is Straightforward, Weaver Says
February 17, 2017 | Bloomberg Radio
Nicholas Weaver, a security researcher at the International Computer Science Center at Berkeley, says it would be simple to hack Donald Trump’s phone.
How to Build Donald Trump a Trump-Proof Phone
February 14, 2017 | Jake Swearingen, NY Magazine
In order for this to work, President Trump would need to be able to carry out his job. “We have to still allow him to conduct his workflow,” says Weaver. “And for him, his workflow is sending tweets and receiving phone calls from people off the books. And we need to be able to preserve that functionality while removing the functionality that could make a compromised phone a bug sending all the data to the Kremlin.”
Trump ran a campaign based on intelligence security. That’s not how he’s governing.
February 13, 2017 | Philip Bump, Washington Post
“Donald Trump for the longest time has been using a insecure Android phone that by all reports is so easy to compromise, it would not meet the security requirements of a teenager,” Weaver told NPR, and while he couldn’t say for sure, “we must assume that his phone has actively been compromised for a while, and a actively compromised phone is literally a listening device.”
Enterprise firewalls are man-in-the-middling HTTPS sessions like crazy, and weakening security
February 8, 2017 | Cory Doctorow, Boing Boing
The researchers found that the prevalence of these man-in-the-middle attacks is at least an order of magnitude higher than previously believed, and the methods that firewall vendors use to compromise HTTPS often leaves users open to spying and code-injection. Firefox is slightly more secure than rival browsers.
Beware: Most Mobile VPNs Aren’t as Safe as They Seem
February 8, 2017 | Lily Hay Newman, Wired
“The economics didn’t make much sense because when you start looking at these applications, most of them are free but maintaining online infrastructure is actually very expensive,” says Narseo Vallina-Rodriguez a researcher at the International Computer Science Institute who worked on the study.
Is Trump Tweeting From a 'Secure' Smartphone? The White House Won't Say
February 3, 2017 | Sam Sanders, NPR, Heard on All Things Considered
"Donald Trump for the longest time has been using a insecure Android phone that by all reports is so easy to compromise, it would not meet the security requirements of a teenager," says Nicholas Weaver.
Obama’s cybersecurity legacy: Good intentions, good efforts, limited results
January 31, 2017 | Taylor Amerding, CSO
Nicholas Weaver, a senior staff researcher at the International Computer Science Institute, in a post on Lawfare, declared that the president’s insistence on continuing to use an insecure Android device is, “asking for a disaster (and) should cause real panic".
Most free Android VPNs leak data and many don’t even use encryption, says study
January 31, 2017 | James Vincent, The Verge
“To me, the shocking fact was that people trust this kind of technology,” Vallina-Rodriguez told The Verge. He said in using these apps, individuals are just handing over their internet connections, and if the company handling this data isn’t trustworthy, they can get up to all sorts of mischief.
Majority of Android VPNs can’t be trusted to make users more secure
January 31, 2017 | Dan Goodin, Ars Technica
"Our results show that—in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps... Despite the fact that Android VPN-enabled apps are being installed by millions of mobile users worldwide, their operational transparency and their possible impact on user's privacy and security remains terra incognita even for tech-savvy users."