News: 1728916085

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Trump campaign arms up with 'unhackable' phones after Iranian intrusion

(2024/10/14)


With less than a month to go before American voters head to the polls to choose their next president, the Trump campaign has been investing in secure tech to make sure it doesn't get hacked again.

Military kit supplier Green Hills Software has equipped Trump's team with supposedly unhackable phones and computers as the campaign attempts to avoid a repeat of [1]earlier incidents where pro-Iranian attackers managed to steal emails and other data from the crew. The provider claims its software is impervious to any intrusion attempts and has also offered the technology to the Harris campaign team.

The kit uses the Green Hills Integrity-178B operating system, which is used on the stealth B-2 bomber, F-22, and F-35 fighters, and appears to be one of the only [2]commercially available OSes certified to Evaluation Assurance Level 6. The company says its security comes from tight coding and locking down absolutely everything it can to minimize the opportunities for intrusion.

[3]

Green Hills Software CEO Dan O'Dowd told The Register that the entire operating system of the devices operates on around 10,000 lines of code that are penetration tested by a team incentivized to find bugs.

[4]

[5]

"I've had staff complaining that they can't find enough bugs," O'Dowd claimed.

For now, the company focuses on high profile users, building a billion-dollar business providing secure operating systems for the military and law enforcement.

[6]

"We spend thousands of dollars reviewing every line of code," he said. "Everything is security Day 1, 2, and 10 without being checked. We have a whole team checking each other's code."

[7]Feds charge 3 Iranians with 'hack-and-leak' of Trump 2024 campaign

[8]Iran's cyber-goons emailed stolen Trump info to Team Biden – which ignored them

[9]Trump campaign cites Iran election phish claim as evidence leaked docs were stolen

[10]If you're holding important data, Iran is probably trying spearphish it

The software shop claims it is immune to [11]zero-click commercial surveillance tools such as the NSO group's Pegasus code and Green Hills asserts the phones "never fail and can't be hacked."

However, this is like a red rag to a bull for some criminally minded coders, as well as white-hat hackers. Logically, no software is impervious to dedicated attacks, but Green Hills thinks otherwise, and also wants to extend the use of the code to election systems themselves.

"We must also ensure that the same level of security and reliability used in nuclear systems be applied to voting machines, given their critical role in the electoral process," O'Dowd said. "Securing the integrity of the democratic process is paramount."

The firm isn't wrong on the latter point. As has been shown again and again, election voting systems are woefully inadequate, despite [12]strenuous [13]efforts by the hacking community to fix insecure systems. As we race towards election day, Green Hills will soon see if its kit lives up to its claims. ®

Get our [14]Tech Resources



[1] https://www.theregister.com/2024/09/27/us_charges_iran_trump_campaign_hack/

[2] https://www.ghs.com/customers/lockheedf35.html

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Zw1AJtJudNbAEDmQc2wFOwAAABQ&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zw1AJtJudNbAEDmQc2wFOwAAABQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Zw1AJtJudNbAEDmQc2wFOwAAABQ&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Zw1AJtJudNbAEDmQc2wFOwAAABQ&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2024/09/27/us_charges_iran_trump_campaign_hack/

[8] https://www.theregister.com/2024/09/19/iran_trump_hack_info_biden/

[9] https://www.theregister.com/2024/08/12/trump_campaign_hacked_iran_claim/

[10] https://www.theregister.com/2024/09/30/iran_spearphishing/

[11] https://www.theregister.com/2023/04/12/quadream_spyware_microsoft_citizenlab/

[12] https://www.theregister.com/2023/05/11/us_voting_system_pen_testing/

[13] https://www.theregister.com/2020/08/05/blaze_blackhat_keynote/

[14] https://whitepapers.theregister.com/



Cruachan

"Unhackable" assumes that the person using the device has secure passwords and multi-factor authentication setup as well. You'd think that would be the case, but there is a precedent here. 2 in fact, allegedly.

https://www.theregister.com/2020/09/11/trump_twitter_account_recycled_password/

https://www.theregister.com/2020/10/23/trump_twitter_account_no_mfa/

Kimo

If I remember correctly several Trump associates, including Guliani, were caught in a phishing attack. The OS is never the weakest link.

Used on B-2, F-22, F-35

Clausewitz4.0

"Integrity-178B operating system, which is used on the stealth B-2 bomber, F-22, and F-35 fighters,"

A lot of people are seeking to get their hands of these phones, I believe.

Oh, my

James O'Shea

Unhackable, eh? Let's see how long it will take to crack it. Remember, this kind of security is only as strong as its weakest point, which in this case would be The Donald himself. I rather suspect that he would use an easily guessed password and would turn off any multifactor, despite the best efforts of his security guys. Who may be less than enthusiastic, depending on whether or not he treats them the way he treats other minions and hasn't paid them for a while/

[gets popcorn]

Re: Oh, my

Will Godfrey

Well I suppose that's one way to get your designs stress tested by the best in the world - not that you'd know it had failed until far too late.

Re: Oh, my

Anonymous Coward

username TheDonald

PW The bestiestpasswordever1

Re: Oh, my

Yet Another Anonymous coward

[1]maga2020! . note the secure mix of letters numbers and symbols you would expect from the greatest genius ever

[1] https://www.theregister.com/2020/10/23/trump_twitter_account_no_mfa/

Very stable genius

dangerous race

Not 'greatest genius ever' - but "very stable genius!"

SFW - great music and lyrics - https://youtu.be/k-LTRwZb35A?si=MMF0BzNuK3tf_-Ef

Lord Elpuss

"Everything is security Day 1, 2, and 10 without being checked."

The what now?

MonkeyJuice

Days 3 - 9 we insert the requisite bugs, per staff requirements.

Lord Elpuss

"The provider claims its software is impervious to any intrusion attempts"

Green Hills asserts the phones "never fail and can't be hacked."

"...claims it is immune to zero-click commercial surveillance tools"

I haven't looked at a single line of the code, do not know this device, have never heard of Green Hills and I'm not a professional hacker. But despite this I can say, with absolute certainty, that these statements are bullshit and that by stating them, the company is hoping that the Trump team share the same shoe-size IQ as the MAGA loons that support them.

Anonymous Coward

Who cares whether the end-user devices are hackable, if the services they're using are?

I imagine they've set everything up to go over a VPN, so that would be the best place to attack.

My thought is...

Peter Gathercole

.. that this phone does not run any Android or IOS apps, so Donald will have his own 'secret' more mainstream phone to enable him to post on X or his Truth (sic) Social platform.

But that's OK, because he won't use it for mail (until he does, by mistake).

Re: My thought is...

Irongut

I am told the orange buffoon does not actually post on X / Truth himself and never has. He is unable to use a modern phone and all his posts are made by staffers.

Yes, that's right, someone else wrote 'covfefe'.

Re: My thought is...

Anonymous Coward

What, does he have staffers in the bedroom? I'm pretty certain that he has been reported as waking up, checking Twitter as was then, and posting at ungodly hours of the morning.

One law, etc

Anonymous Coward

I wonder how long it will be before the Donald rages at Apple because they can't hack a criminal's iPhone, or at any of the E2E encrypted messages services.

But, as others have alluded, a secure device still relies on secure meatware...

Hmm

codejunky

It would be interesting if it frustrates the security services from listening in on Trump. But since a potential 3rd assassination attempt has now been thwarted I hope secret service protection is taken more seriously for the potential next president.

My prediction:

Tom7

This will turn out to be a supply-chain attack.

So the testers are incentivised to find bugs

Neil Barnes

And they're complaining that the coders aren't putting enough bugs in?

There's an obvious revenue enhancement opportunity there, if the two teams only talk to each other...

Re: So the testers are incentivised to find bugs

Brewster's Angle Grinder

It's classic prisoners' dilemma. Let's cooperate.

Anonymous Coward

All the responses refer to the main candidate on the ticket being the point of failure. But I suspect he will not be informed about the sensitive stuff anyway lest he would spill all the beans* during a rally or "interview". I even do not even think he will get one of these phones.

* Pun intended, he has been said to do spill beans during rallies.

Wii U (yes, the Wii U)

Dan 55

Green Hills Software also [1]made the Wii U IDE environment for Nintendo .

An anonymous third-party developer [2]said it was clunky and slow :

Having worked on other hardware consoles, I suppose that we were rather spoilt by having mature toolchains that integrated nicely with our development environment. Wii U on the other hand seemed to be trying at every turn to make it difficult to compile and run any code. [...] Finally, when you had the code, you would deploy it to the console and start up the debugger, which was part of the toolchain that Nintendo had licensed from Green Hills Software. As a seasoned developer I've used a lot of debuggers, but this one surprised even me. Its interface was clunky, it was very slow to use and if you made the mistake of actually clicking on any code, then it would pause and retrieve all of the values for the variables that you had clicked, which might take a minute or more to come back.

The Wii U [3]also got hacked in record time .

[1] https://www.ghs.com/customers/nintendo_wiiu.html

[2] https://www.eurogamer.net/digitalfoundry-2014-secret-developers-wii-u-the-inside-story

[3] https://fail0verflow.com/blog/2014/console-hacking-2013-omake/

Bubble Memory, n.:
A derogatory term, usually referring to a person's intelligence.
See also "vacuum tube".