It's no secret that President Donald Trump tweets at all hours, and calls friends and advisors late into the night. But a New York Times report indicates that, thanks in part to Trump's use of a personal iPhone, Chinese and Russian spies are listening in on his calls.

That other countries would want to spy on Trump should come as no surprise. The US certainly does its share of surveillance on world leaders. But Trump has developed a track record since entering the White House of using personal, under-secured mobile devices that make snooping on him that much easier.

iSpy

The Times reports that Trump currently has three iPhones—an NSA-secured iPhone for calls, another secure iPhone that can't make calls but does have Twitter and other apps, and a personal, off-the-shelf iPhone, apparently with no added security, that he keeps handy because he can store his contacts on it. That last one is the main concern. But Trump also apparently still refuses to even swap out his official iPhones every 30 days, which would generally be required of such a high-profile government official, in order to purge any malware.

"The point appears to be that he is not listening to others' advice," says Will Strafach, an iOS security researcher and the president of Sudo Security Group. "The big question is whether this is due to not caring, or if it is because there are no immediately available better solutions."

A White House representative did not return a request from WIRED for comment, but Trump himself tweeted on Thursday morning that, "I only use Government Phones, and have only one seldom used government cell phone." Trump also wrote that the Times report "is so incorrect I do not have time here to correct it." He later found time to add, "I rarely use a cellphone, & when I do it’s government authorized. I like Hard Lines." Tweetdeck, which lets you view what platform a tweet originated from, shows that Trump sent both of Thursday morning's missives from an iPhone.

A combination of mobile network flaws and insecure telephony protocols makes establishing truly secure calls difficult under any circumstance. And as with end-to-end encrypted messaging apps, both the caller and receiver need to use the same secure platform or infrastructure to keep a call secure. But the government uses an array of precautions that help protect calls that Trump makes through the White House switchboard. By flouting best practices and holding on to unmodified personal devices, Trump unduly exposes himself.

How They'd Hack

If Russia and China really are surveilling Trump's mobile calls, one possibility would be that they're doing it by manipulating an insecure mobile telephony protocol known as SS7. These types of attacks have become an increasing concern around the world; in May, the Department of Homeland Security admitted that hackers may be actively exploiting SS7 against US cellphone users.

But Karsten Nohl, chief scientist at the German firm Security Research Labs, who researches cell network attacks, says the Times report may indicate that surveillance of Trump's mobile calls go even further. It "suggests a compromise of the telephone company infrastructure on a deeper level than just sending SS7 requests," Nohl says. He likens it to an incident when unknown parties compromised switches on the Vodafone Greece network without the carrier's knowledge, and used that access to tap the mobile calls of Greek government officials and other prominent citizens.