Cyber-security super-brain Rudy Giuliani forgets password, bricks iPhone, begs Apple Store staff for help
What do you expect from Mister 'Truth isn't truth'?
The month after Rudy Giuliani was named the US president’s cybersecurity adviser, the former mayor of New York queued up outside an Apple Store in San Francisco to get staff to reset his iPhone because he couldn’t remember the passcode.
Giuliani had typed into the wrong code more than 10 times, seizing up the phone and an Apple staffer reset and restored the iPhone 6 using his iCloud backup, according to NBC News which today saw and posted a picture of the internal Apple memo concerning the visit.
The yarn - which has not been disputed - has left security experts stunned. As an adviser on cybersecurity to President Trump and more recently as his personal lawyer, Giuliani has direct access to the White House and, if reports are to be believed, is in charge of a parallel foreign policy effort involving a range of countries, most notably Ukraine.
Or, in other words, Giuliani’s phone is a prime target for surveillance efforts and he simply handed it over to a random Apple employee. Not only that but he couldn’t remember his own passcode, and has backed everything up to Apple’s iCloud. He is a walking security risk.
A pic of the internal Apple memo on Giuliani's visit, as obtained by NBC.
The news that Giuliani has absolutely zero recognition of the risks associated with such behavior comes just days after it was revealed that he had twice butt-dialed a telly journalist this month, and left potentially incriminating voicemails.
In one, he was heard discussing presidential candidate Joe Biden and his son - a topic that become the focus of an impeachment inquiry in President Trump - and his attempts to pressure Ukraine into investigating the pair for domestic political gain; on the other he was heard discussing an urgent need for “a few hundred thousand” dollars in a discussion about Bahrain.
Then again, Giuliani caused widespread mirth in the IT security community with this little brain fart on how to lock down computer systems:
5/ What was Giuliani invited to speak about? Cybersecurity and “technological breakthrough.” pic.twitter.com/70jPNYMy9D— ProPublica (@propublica) September 28, 2019
Those voicemails have already led another presidential hopeful, Senator Kamala Harris, to call for an investigation into Giuliani’s foreign activities.
Donald Trump will take cybersecurity advice from, um, Rudy GiulianiREAD MORE
Adding to his woes, the State Department agreed this week to release documents related to President Trump’s handling of aid to Ukraine, covering communications between officials and Trump’s private lawyers and associates - including Rudy Giuliani.
As we noted at around the time Giuliani was named White House cybersecurity advisor in January 2017, not only does Rudy know nothing about the subject but his website - Giulianisecurity.com - was painfully out-of-date and wide open to hacking.
The fact that even after he was named as a key White House adviser Giuliani didn’t see any issue with turning up to an Apple Store and handing over his phone to effectively a complete stranger is not great.
And in that he seems to share the same lax attitude to security as the president himself, who was repeatedly warned about his use of a personal, insecure phone in the early days of his presidency. Of course, most people don’t want people listening into their conversations - especially when in very powerful positions - because it indicates what their views are on any given topic.
But if those views change significantly from day-to-day, moment-to-moment and tweet-to-tweet, maybe it doesn’t matter at all. Because no one, not even Rudy Giuliani, knows what is going on in his head. Well, apart from Apple Store employees. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust