Will smartphone-loving politicians hand over their phones to thwart hackers?
It was the running wound of Barack Obama’s presidency: what kind of smartphone should the ultra-secure man in the White House use to keep in touch with personal friends and contacts?
From 2009, there are headlines about the BlackBerry the president used, then there was controversy about the successor phone, and as recently as 2016 there were reports of how Obama finally got his hands on an iPhone.
His successor, Donald Trump, caused his own problems with his device in hand and found time to rage over the iPhone’s removal of the home button on the White House lawn.
And it’s not just in America. Last week, two of the politicians with the most sensitive security roles in the UK were said to have been put at risk, including former Prime Minister Liz Truss, whose personal phone was hacked.
Perhaps with good reason, politicians have long resisted requests from intelligence personnel to hand over their personal phones to secure them against foreign hacking.
Today, much of the dirtier side of politics is carried out through secret messages sent on apps such as Signal, Telegram or WhatsApp that foreign states can use to influence, spy or disrupt Western democracies.
Truss was found to have been hacked with a year’s worth of messages downloaded while she was Foreign Secretary.
British politicians have now been urged to take phone security more seriously after the high-profile breach, which could lead to security services stepping in to prevent classified information being stolen.
Security sources have said so The national that it was an “intelligence service that failed basic housekeeping” by not running the politician’s personal phone through their system, but this is now likely to change.
Staff are keen to check politicians’ phones for malware such as the Pegasus system, an Israeli-designed bug that can lie dormant on devices for at least two years but can be found in a basic check and removed, the source said.
Politicians’ general reluctance to part with their personal phones is fairly common, with Boris Johnson continuing to use his own phone while Prime Minister, despite the private number being online for years.
When I was a minister I had a special ministerial phone which was quite clumsy and I never liked using it very much.
Former British minister
Despite mobile phones being vulnerable to hacking, senior politicians have insisted on using their personal devices.
Obama used Twitter to great political advantage and was extremely resistant to not having a personal phone for calls and tweets.
Eventually, a compromise was reached with security officials. His phone was handed over every 30 days to be examined by telecommunications experts for suspicious activity.
Mr Trump was even more defiant, resisting handing over the two iPhones used for calls and his huge Twitter following.
By contrast, former UK Brexit secretary David Davis used a Faraday case, which blocked electromagnetic fields, for his electronic equipment to stop foreign intelligence services activating his phone’s microphone or camera to spy on him.
$5 million hacks
Instead of enemy countries devoting resources to developing their own systems, they pay private hackers up to $5 million to break into a system or app that they can exploit for information.
“In the Truss case, a hostile state could have deployed something specific from a new hack, and it would be a pretty big intervention to find one that gets into an iPhone,” the cybersecurity expert said.
“It’s a valuable piece of kit you can sell for millions on the dark market that will be weaponized by the Russians, the Chinese or the North Koreans.
“If Apple releases a ‘patch’ in the next few days, we will know that a vulnerability has been exploited in the iPhone that will be used to fix it.”
The Pegasus hack also has a clever penetration method as it can be unknowingly downloaded if a recipient simply opens a text message such as one saying they’ve won £500.
The Russians are named as the current primary state hackers with their efforts to understand what the West is doing in Ukraine and how it might respond to Moscow’s aggression.
“They want to cause disruption, find information and then leak it to undermine Western governments,” a security source said.
It is also possible that Truss’ phone was hacked when she visited Moscow to discuss Ukraine with Russian Foreign Minister Sergey Lavrov just before the invasion in February.
But China, North Korea and Iran have also been named as major state hackers and all leave their own unique footprint, according to the cyber experts who have examined their work.
“If a hack equates to your house being broken into, then if you go into your home and nothing has been disturbed but the locks have obviously been forced, it’s probably the Chinese,” he said.
“If it’s been searched and everything is everywhere, then it’s probably the North Koreans.”
The expert said that if everything had been ransacked and the house had been soiled, “it was the Russians”.
Moscow’s cyber attackers are understood to use the private information as part of theirs kompromat strategy to leak compromising information about leading politicians or businessmen.
While Iran has run a significant hacking operation over the past decade, experts said in recent years that Tehran did not “weaponize” its operation, possibly because it “lacked the technological capability.”
The cyber expert, who has worked on government contracts, said politicians should receive regular briefings that would include basic tips such as not to hold open house parties or go jogging alone, as these would be opportunities for hacking.
“If you’re in the immediate spotlight, you need thorough digital cleanliness, and you should be briefed at least once a year, just to be reminded of the simple things.”
Ministers get security-protected government phones, but they also get to keep their private devices, which are likely to be the most vulnerable.
But a former minister admitted it The national that the gossip still continued among WhatsApp groups on their private phones, with possibly important information leaked.
“When I was a minister I had a special ministerial telephone which was quite clunky and I never really liked using it,” the minister said.
“It was the phone to talk to anyone about ministerial business, but frankly people tended not to use them because they were quite inconvenient.”
But he admitted that with Chinese and Russian penetration, politicians not using their ministerial phones was a concern.
“The scale of Chinese penetration is a big concern and it’s been recognized as a real problem for quite some time,” he said.
“One of the best things we did recently was to exclude Huawei from our communications infrastructure. It was a very, very sensible thing to do.”
Former MI6 chief Sir Alex Younger said ministers should be “properly educated” about using their phones after Truss’ security breach
“Education levels are not high enough,” Younger told Times Radio.
“I don’t think people focus enough on the risk to their security and their devices. Because these are hidden, the threats are not properly understood.”
Kill the hack
There are basic measures that can ensure greater personal safety. Simply turning off an iPhone completely can stop a hack running by restarting the system.
“It kills a lot of the tracking programs that can be put on your phone, and if you did that with Pegasus it will probably be deleted,” the cyber expert said.
“And there are certain things you can always keep an eye on, like if your battery suddenly starts dying or draining very quickly, that means a hack is going on, and the same if it suddenly gets really hot.”
While WhatsApp is considered to be vulnerable to hacking – most likely from US security agencies – the Signal communication app is still considered the most secure, even if this is only for sending encrypted information.
If a phone is hacked, that information can be seen once received.
America’s National Security Service [NSA] insists its personnel use iPhones as they are considered the most secure, while hackers can “drive a coach and horses” through the security of Android phones.
One technique used by NSA operatives is to deliver information on large video messages “because they are so large in data size it is very difficult to either hack it or just transfer the data correctly”, the security source said.
The Prime Minister’s spokesman said so The national that while the government did not comment on security issues, individual ministers received regular briefings on “protecting their personal data and mitigating cyber threats” to prevent hacking.
“We have robust systems in place to protect against these threats,” he said. “And we take any leak of information seriously – but I can’t go into the details.”
Updated: 4 November 2022, at 18.00