Comments on: Obama's BlackBerry brings personal safety risks

The U.S. president's insistence on keeping his RIM device creates a number of risks, chief among them: attacks against his location privacy and physical security.

[pjk0]

It defies reason that the President of the USA would be carrying standard hardware, and connecting to the network in a standard way. While the author's speculations are probably correct for standard-issue hardware, I would think it would be treason-level incompetence for the Secret Service or the DOJ to allow Obama to carry something that vulnerable.

As a previous commenter mentioned, I have no doubt that what he is carrying runs at the very least custom firmware, probably customized by RIM itself, and perhaps running through some sort of proxy. Certainly at the White House they probably run their own pico-cells there so the high-security wireless devices have no need to connect to public towers directly. (And the PR benefits of the world being told that Obama carries a Blackberry are undoubtedly a million times more lucrative for RIM than the minor costs involved in customizing his hardware and doing other support work.)

Cost on the US Gov side is irrelevant. Whatever it would cost to cycle hardware would be a tiny insignificant fraction of what is spent on the President's security. But I doubt they even have to do such a thing, as their security measures are probably far FAR more sophisticated than that. I suspect there are probably special high-security channels/frequencies on the cell network that are used for high-security governmental traffic, for example. Specially modded phones would only connect to those links. All sorts of ways to work this.

All that said, I was also a bit surprised about the potential security implications of the President carrying a Blackberry, when I first learned of this plan. But given what I expect is plenty of capacity to mitigate those risks within the security infrastructure, what worries me more are things like reports I heard about seemingly lax security during the inauguration. Sure would be a pity if certain partisan elements in the Secret Service "accidentally on purpose" failed to deploy adequate security measures where the President is located.

[donteattuna]

But think about the consequences. Someone could use this information to hack into his phone and possibly get some very important information, e.g. Paris Hilton's phone number, or maybe see him making slanty eyes with Myle, or saying someone is a nappyheadedho.
It seems some think the world comes to an end with the discovery of such cosmic events.

[plee86]

This article is an incredible waste of time, based on a false premise that so many commenters have pointed out that is absurd: that the President's location is some kind of secret that would be compromised by an electronic device. You want to know where the President is during the hours of 1 am to 7 am almost every day of the year? 1600 Pennsylvania Avenue. There, the secret's out. Oooh, everybody duck and cover! The absurd paranoia that the Chinese are going to know where he is when he's in China is laughable. You think the President is going to sneak out of his hotel in the dead of night to meet with the North Koreans? Does your idea of how diplomacy works come from 24?

The security of the President does not depend on keeping his whereabouts secret, which is basically impossible since he is such a high profile individual. It is about working to make sure the area where he is is secure. Stealth is not an element of the President's security: you think a security motorade that includes dozens of vehicles, including one vehicle with a machine gun sticking out of its rear window, is designed with the idea of stealth and secrecy in mind?

This article is Exhibit A of When Smart People Write Dumb Things.

[2RCHA_Engineer]

What are you talking about??

The ID number that is broadcast in the clear is the TMSI, this number is an highly encrypted and variable version of the IMSI (http://en.wikipedia.org/wiki/International_Mobile_Subscriber_Identity).
The IMEI is NEVER broadcast in the clear, it is matched with the IMSI in the VLR at the cellular providers switching office.
Dialled numbers can be discerned over the air if you have the right means, but this is lot different than reliably tracking down one persons phone over the air.

Simple solution.....pay for many IMEI's and auto roll every couple of hours. Hackers have used auto roll on Jtags for many years to hack Dish Network, why cant they use that technology on his BB. As long as the IMEI's are paid for there are no laws broken. And if ya really want to confuse the spies give everyone in the White House an auto roll BB!

[mstrstvns]

Why wouldn't they simply bypass local cellular networks altogether and use a secure connection for ALL his Blackberry traffic and then route it securely back out onto the Blackberry network? They may be running their own cellular tower for all we know.

[sam99999999]

Great article. Very well written, and the links to Mitnick and the other stories were fascinating.

Why wouldn't Obama use one of those encrypted BlackBerry substitutes though?

[ksmithderm]

Rather than using commercial networks, I imagine that Obama carries something that looks and acts like a Blackberry, but which communicates with a wireless device carried by his entourage; which in turn connects to the net.

It would be reasonable to expect that the frequencies and communications protocols are quite different from a garden variety Blackberry or cell phone.

[Benf]

FUGTARD: You have no idea what software the pres. is running on his BB, your comments are pure speculation unless you care to divulge your source of information

[Keypad81]

This could be a serious security threat. However, burning phones is not at all necessary. I used to work in mobile phones industry and it is not that difficult to use software to change the IMEI number of a phone without actually physically swapping it for another phone. It's highly illegal of course and mainly used by people that have stolen phones and want to prevent them from being blocked by the network.

The president and his aides could have their computers set up to rotate their IMEI numbers between them or even use a completely new random available IMEI every time they sync up their phone.

They could of course already have a system in place with the network where they are not even using the same IMEI system making it untraceable.

[Jack K1]

Or he just turns his Blackberry off while vulnerable in transit. Big whup.

[Arlondiluthel]

Obama's BlackBerry probably has a similar feature as encryption terminals already used by the military, where the key is changed every so often. They probably have it set up to change the MEID on a regular basis.

[Jonathan]

Please. This is a sensationalistic article. It makes MASSIVE assumptions as to how the device is setup. For all we know they are running a different OS with a AES wrapper that is authenticating though an NSA server instead of RIM's stuff. You can bet your *** that RIM is bending over backwards to do whatever the gov wants. There is nothing better then being able to say the leader of the US is using your product. So extreme customization would not be out of the realm of possibilities.
As for the price...please. Do you know how much it would cost to get 100 blackberries and then randomize them once every 3 days with all devices being replaced yearly. I can tell it it would be a hell of a lot cheaper then some workstation laptops I've been deploying lately.
Finally there is the sensitive data point....umm you apparently missed the memo where they announced that this is very much used for limited non confidential information. So yah if someone wants to hack Obama's blackberry to learn how he's rubbing Tom Delay's nose in last week's sports scores...more power to em.

[kenlhb]

Why so many editors focus on Obama's phone? Was it the same at the time when Bush was a president.

[JulesPolonetsky]

Hi Chris:

Obama isnt using a blackberry, likely cause the Secret Service is well aware of the issues you raise, and others. He is using a device called the "Sectera Edge," developed and produced by the defense contractor General Dynamics for the National Security Agency.
http://www.onthemedia.org/episodes/2009/01/23/segments/121832

[Shaun714]

wow talk about annoying to have to go through that kind of stuff, well i guess thats the price for being the president good article though.

[jtjj1234]

This is just absolutely retarded. Why is this article only appearing now with Obama- simply put, did this threat not occur with past presidents? I mean, come on- surely Bush, Clinton, etc had their own cell phones which similarly broadcast IMEI information the exact same way and thus could've been used to track their whereabouts? How is it any different with Obama?

THINK guys.