Donald Trump refuses to give up his insecure Android-based smartphone even after becoming president. He continues to use his old Samsung Galaxy S3 to tweet from his @realDonaldTrump account.

The president, who on Jan. 4, called the Democratic National Committee careless with its security while refering to election rival Hillary Clinton’s emails being hacked, is himself quite vulnerable to hacking.

Hacking group Anonymous has repeatedly tweeted against Trump and has warned it will be targeting him.

The group on Friday attached a screenshot in a tweet explaining how Trump’s phone is vulnerable to hacking as the phone runs on Android 4.4 OS, which is out-of-date with existing security requirements. The tweet mentioned a software called Stagefright which could be used by anyone to hack into the phone.

How Stagefright works

On phones running Android versions older than Android 5.0.1, background components, such as those used to play multimedia files, are implemented in the native C++ code instead of more secure languages such as Java. This leads to remote code execution vulnerabilities, which can be exploited using various hacking methods, one of which is Stagefright.

To run Stragfright, the hacker simply needs to know the person’s phone number, using which he could send a special MMS to the device containing a .MP4 file. Once the MMS containing the .MP4 is downloaded, the hacker will be able to execute malicious codes on the person’s smartphone and compromise sensitive data.

Since MMS files are automatically downloaded when an Android device is connected to the internet, this means the vulnerability doesn’t require any action on the part of the user to execute itself. The hacker will be able to send the MMS and delete it while the device is on standby mode.

Simply put, Trump’s phone could be hacked while he sleeps.