- In recent months, high-profile individuals like Amazon CEO Jeff Bezos and ‘Shark Tank’ co-host Barbara Corcoran both fell victim to cyber attacks.
- Specialised smartphones that offer heightened security do exist, but they require major compromises when it comes to the overall experience.
- For example, they don’t offer popular apps made by companies like Google and don’t have advanced hardware features found on most modern smartphones.
- Public figures are more likely to take other precautions, like using a burner phone while travelling, rather than trading their iPhone for an ultra-secure phone.
- Visit Business Insider’s homepage for more stories.
Barbara Corcoran learned an important lesson last month when she almost lost nearly $US400,000 because of an email phishing scheme. A scammer posed as her assistant and sent an email to her bookkeeper requesting $US388,700 for a real estate renovation, as People and TMZ reported in late February.
The request seemed routine for Corcoran, the ABC “Shark Tank” judge and millionaire real estate mogul, since she often invests in projects like this. As such, she told People that she had “no reason to be suspicious” about the email.
But her company later realised that the request never came from her assistant; an imposter had altered the email address by one letter.
Corcoran’s experience isn’t unique, in fact, 88% of organisations worldwide experienced targeted phishing attacks in 2019, according to cybersecurity firm Proofpoint. It’s also just the latest example of a high profile individual that’s fallen victim to malicious actors.
Roughly one month earlier in January, it was discovered that Amazon CEO Jeff Bezos’ phone had reportedly been hacked by Saudi Crown Prince Mohammad bin Salman in 2018. The Amazon chief’s phone began leaking data after he received a video file via WhatsApp that was sent from bin Salman’s account.
The two instances are inherently very different from one another. Corcoran’s case involved a classic phishing scheme in which a scammer was able to trick her staff into handing over money rather than stealing it covertly. The Bezos hack, on the other hand, was executed by a malicious file that unknowingly gained access to information stored on his phone and secretly siphoned out data over time.
But there is a common thread between them: They both illustrate how vulnerable the devices we use for nearly every aspect of our daily lives are to attackers. And they both reiterate that high net worth individuals are particularly lucrative targets, and often communicate through the same devices and services used by millions. Bezos was hacked through WhatsApp on an iPhone X. Corcoran was phished through standard email. Specialised phones designed to enhance privacy and security do exist, but they often require trade-offs that would fundamentally alter the way most people use their phone on a daily basis.
“There’s no such thing as, ‘this device cannot be hacked,'” Etay Maor, chief security officer for threat intelligence firm IntSights, previously said to Business Insider back in January. “There’s no such thing. And we’ve seen this over and over again. So at the end of the day, it’s a game of risk management.”
No Gmail, no App Store — using an ultra-secure smartphone is like ‘taking a step back into the 1990s’
is So-called “hardened” phones, like Purism’s Librem 5 phone and Communitake’s IntactPhone, have a variety of built-in security measures that aren’t commonly found on smartphones. They also run on custom software built with privacy in mind. But those benefits come with compromises: There’s no Google Maps, no Gmail, no Instagram, and most important, no access to Google’s enormous app store. They also won’t come with the flashy new features found on today’s newest smartphones, like a triple-lens camera.
“You think about high-profile people, they want the cool toys too,” Charles Henderson, the global head of IBM’s X-Force Red security team, said to Business Insider. “If you’re telling somebody, ‘Hey, I’ve got this great phone that does half of what your current phone can do,’ then that’s not exactly the best sales conversation to have.”
Few people know this better than Todd Weaver, the CEO of Purism, which makes laptops, services, and a smartphone optimised for security and privacy. The company’s Librem 5 smartphone runs on Purism’s own operating system, which is based on Linux instead of Google’s Android, and includes physical switches for turning off the phone’s microphone, cameras, GPS, cellular, and Wi-Fi functionality.
The phone began shipping to early backers in September, and the mass production model was originally slated to begin rolling out between March and June of this year. But it may be delayed due to supply chain constraints resulting from the coronavirus.
The Librem 5 doesn’t have access to Google’s Play Store and instead runs on the much smaller PureOS store, which only includes apps without third-party ads and trackers based on open-sourced code. That means those using the Librem 5 will probably have to access popular services like Uber, Facebook, and Instagram though the phone’s web browser, which sandboxes individual web pages so that these services don’t have access to any other data on your phone beyond what’s required to carry out the task at hand.
Even after just a few moments using the current version of the Librem 5, it’s apparent that it’s a stark contrast from most modern smartphones made by companies like Apple, Motorola, Samsung, and others. It’s noticeably thicker, the apps are limited, and the software itself is less polished.
“Using a minimalist phone is kind of like taking a step back into the 1990s,” Marc Rogers, a white-hat hacker and head of cybersecurity at Okta, an enterprise identity management service, said to Business Insider.”You’ve almost got a feature phone again, and it’s hard to give up some of those features.” (Insider Inc., the publisher of Business Insider, is an Okta client.)
Weaver says that Purism has shipped hundreds of units of the Librem 5 since its September launch and estimates that number will jump to 50,000 by the first half of 2020. That’s a far cry from the millions of iPhone units Apple sells in a single weekend. Apple no longer discloses iPhone unit sales, but back in 2015 it said it had sold more than 13 million units of its iPhone 6S and 6S Plus during their first weekend on the market.
Challenging the giants
Weaver’s goal with the Librem 5 isn’t necessarily to appeal to everyone; it’s to challenge the dominance of large firms like Apple, Google, and Facebook, all of which have come under increased scrutiny in the past year over the power and influence they hold in the industry, as well as the ways they handle consumer data.
“It always comes down to control,” Weaver said. “To break up that [iOS and Android] duopoly … you have to give control to the individual.”
His company’s audience, he said, is a combination of parents looking for a privacy-oriented device for their child, software developers, C-suite executives, and enterprise clients. But incidents like the Jeff Bezos hack or the Equifax data breach from 2017 usually lead to a spike in traffic to Purism’s website and a bump in sales. Rogers also said that after the Bezos hack, two venture capitalists reached out to him asking about the possibility of building a secure phone.
But even beyond the limitations that come with a privacy-oriented phone, it’s difficult for any newcomer to challenge a smartphone market that’s dominated largely by Samsung, Apple, and Chinese tech giant Huawei. Apple and Samsung each claimed 18% of the market share in the fourth quarter of 2019, according to Counterpoint Research, while Huawei claimed 14%, Xiaomi, Vivo, and Oppo each claimed 8% and Lenovo claimed 3%. No other smartphone maker accounted for a significant enough share of the market to break out in Counterpoint’s analysis.
“Short of government regulation that reshapes the market, it seems really unlikely and difficult in this market for a challenger to build any kind of scale business other than a really expensive niche device,” said Frank Gillett, a vice president and principal analyst for research firm Forrester who follows the technology industry and mobile device market.
What the rich and powerful do to protect their phones instead
Embracing a specialised device like the Librem 5 or other similar products may not be the right choice for most people, including billionaires like Bezos, who reportedly uses an iPhone X.
A more likely solution, particularly for high-net-worth individuals, is to carry a temporary burner phone while travelling, rather than using your primary smartphone that houses all of your sensitive data, according to Mike White, senior vice president and practice lead for security firm Hillard Heintze’s private client and family offices division.
White also said he suggests that his clients use the phone of someone else that wouldn’t be as high-profile or public-facing, like an assistant, to conduct extra sensitive communications.
While his clients haven’t expressed much interest in ultra-secure devices like the Librem 5 or Communitake IntactPhone, he has recommended using a satellite phone in some circumstances for those looking for enhanced security while travelling to remote locations. Even so, the satellite phone is usually meant to serve as an alternative to their primary phone, not a replacement.
But above all else, being cautious about opening unknown files and sharing personal information are among the most effective ways for anyone to protect their smartphone, public figure or not. After all, the Bezos attack came from a video file that was shared through social media, and Corcoran was almost scammed out of hundreds of thousands of dollars because a thief was able to spoof her assistant’s email address.
“There’s a certain degree of human error, if you will,” said White. “You could make the most secure device in the world, but if the device allows you to download that attachment and that attachment has malware, you’re going to be infected.”
Some of the best measures anyone can take on a daily basis, says White, is to practice strong password management and keeping apps and software up to date. That’s because while some people may be willing to compromise on having a phone that has the latest hardware and apps for enhanced privacy protections, the vast majority likely won’t.
“There’s an interesting analogy you can use,” says Gillett. “If you substituted ‘phone’ for ‘automobile,’ the question would be, would we all ride around in armoured vehicles?”
Business Insider Emails & Alerts
Site highlights each day to your inbox.