NPR ran an interesting story this morning about President Obama’s dispute with his own information security team about whether or not he would keep his Blackberry. The President won and will be keeping it. An expert from SANS.org blasted that decision, saying that the device was inherently insecure and talking about all the special modifications that he thinks the Secret Service will make to protect it.
He went on to describe some of the attacks that can be made against a Blackberry. For example, with the right set of instructions, the phone’s microphone can be turned on without it being obvious. Someone can listen in on your conversation right through your phone. For another example, the email server can be hacked or the cell phone transmissions intercepted.
All those arguments are entirely true. And they are real reasons for the President’s security team to be worried. After all, the President really does have nuclear secrets that he needs to protect. And there are all sorts of people who would love to break into his messages and who will devote immense resources to do so.
But the story was edited in a way that implied that Blackberrys are inherently insecure for the rest of us, too. Much as I like to think highly of my own self-importance, there just aren’t that many people out there who are attacking me and they certainly won’t be devoting the same kind of resources to breaking into my phone messages.
That said, you should always remember that Blackberrys run email and email is an inherently insecure system. (You can run an encrypted email program on top of regular email but PDAs don’t support that well today.) As a matter of general practice, never say anything in email that you wouldn’t want to see on the front page of the newspaper tomorrow.
The same goes for your cell phone conversations. They are a bit better protected than the SANS guy implied but there are still ways to intercept and decrypt them. Most importantly, most cell phone intercepts require the hacker to be physically close. For those of us who are not heads of state, this dramatically reduces the risk. But you still shouldn’t say anything on a cell phone that you wouldn’t say in public.
Lastly, you should keep up to date on PDA protections. There are some new viruses that target mobile phones. The major phone companies are starting to include anti-virus on their phones. If you have it, make sure you don’t turn it off. If you don’t have it, look for that capability when you next renew your phone contract. Keep using your Blackberry but use it safely.
