Will smartphone-loving politicians hand over their handsets to thwart hackers?

Reluctant leaders are under pressure to give up personal devices after security lapses

Barack Obama takes a stroll with his BlackBerry on the South Lawn of the White House in 2014. AFP
Powered by automated translation

It was the running sore of the Barack Obama presidency: what sort of smartphone should the ultra-secure man in the White House use for keeping in touch with personal friends and contacts?

From 2009 there are headlines about the BlackBerry the president used, then there was controversy over the successor phone, and as late as 2016 there were reports on how Mr Obama was finally getting his hands on an iPhone.

His successor, Donald Trump, caused his own problems with his device in hand and found time to rage on the White House lawn about iPhone removing the home button.

And it is not just in America. Last week, two of the politicians with the most sensitive security roles in the UK were said to have been exposed to risk, including former prime minister Liz Truss, whose personal phone was hacked.

Perhaps for good reason, politicians have long resisted requests from intelligence staff to hand over their personal phones to secure them against foreign hacking.

Today, much of the dirtier side of politics is conducted through secret messages sent on apps such as Signal, Telegram or WhatsApp that foreign states could use for influence, intelligence or disruption of western democracies.

Ms Truss was found to have been hacked with a year’s worth of messages downloaded while she was foreign secretary.

British politicians have now been urged to take phone security more seriously after the high-level breach, which could lead to security services stepping in to prevent secret information from being stolen.

Security sources have told The National that there was an “intelligence services failing of basic housekeeping” in not running the politician’s personal phone through their system, but this is now likely to change.

Staff are keen to check if politicians' phones contain malware such as the Pegasus system, an Israeli-designed bug that can lie dormant on devices for at least two years, but which could be found in a basic check and removed, the source said.

Political resistance

Politicians' general unwillingness to be parted from their personal phones is fairly common, with Boris Johnson continuing to use his own phone while he was prime minister, despite the private number being online for years.

When I was a minister I had a special ministerial phone which was quite clunky and I never liked using it very much.
Former UK minister

Despite mobile phones being vulnerable to hacking, senior politicians have been insistent on using their personal devices.

Mr Obama used Twitter to great political advantage and was extremely resistant to not having a personal phone for calls and tweets.

Eventually a compromise was reached with security officials. His phone was handed over every 30 days to be examined by telecommunications experts for suspicious activity.

Mr Trump was even more recalcitrant and resisted handing over his two iPhones used for calls and his huge Twitter following.

By contrast, the former British Brexit secretary David Davis used a Faraday briefcase, blocking electromagnetic fields, for his electronic equipment to stop foreign intelligence services activating his phone’s microphone or camera to spy on him.

$5 million hacks

Instead of hostile countries spending resources on developing their own systems, they are paying private hackers up to $5 million for breaking into a system or an app that they can exploit for information.

“In the Truss case, a hostile state could have deployed something specific from a new hack and that would be a pretty big intervention to find one that gets into an iPhone,” the cybersecurity expert said.

“That's a valuable bit of kit you can sell that for millions on the dark market that will be weaponised by the Russians, Chinese or the North Koreans.

“If Apple release a ‘patch’ in the next few days, then we'll know that a vulnerability has been exploited in the iPhone as that will be used to fix it.”

The Pegasus hack also has clever penetration method as it can be unknowingly downloaded if a recipient simply opens a text message such as one stating they have won £500.

Hostile hackers

The Russian are named as the primary state hackers with their attempts to understand what the West is doing in Ukraine and how it might react to Moscow’s aggression.

“They want to cause disruption, find information, then leak it to undermine western governments,” a security source said.

It is also possible that Ms Truss’s phone was hacked when she visited Moscow to discuss Ukraine with Russian Foreign Minister Sergey Lavrov just before the February invasion.

But China, North Korea and Iran have also been named as major state hackers and all leave their own unique footprint, according to the cyber experts who have investigated their work.

“If a hack is the equivalent of your house being burgled, then if you go into your home and nothing's been disturbed but the locks have clearly been forced, that's probably the Chinese,” he said.

“If it's been ransacked and everything's everywhere, then it's probably the North Koreans.”

The expert said that If everything had been ransacked and the house had been soiled, “it was the Russians”.

Moscow’s cyber attackers are understood to use the private information as part of their kompromat strategy of leaking compromising information on leading politicians or businessmen.

While Iran has run a significant hacking operation in the past decade, in recent years experts said Tehran had not “weaponised” its operation, possibly because they “lacked the technological capability”.

Digital cleanliness

The cyber expert, who has worked on government contracts, said politicians should receive regular briefings that would include basic tips such as not having open house parties or going jogging alone, as these would be opportunities for hacks.

“If you're in the immediate spotlight you need thorough digital cleanliness and you should be briefed at least once a year, just to be reminded of the simple stuff.”

Ministers are given security-protected government phones but are also allowed to keep their private devices, which are likely to be the most vulnerable.

But one former minister admitted to The National that gossip still continued among WhatsApp groups on their private phones, with possibly important information divulged.

“When I was a minister I had a special ministerial phone which was quite clunky and I never liked using it very much,” the minister said.

“It was the phone for speaking to anyone about ministerial business, but frankly people tended not to use them because they were quite inconvenient.”

But he admitted that with Chinese and Russian penetration, politicians not using their ministerial phones was a concern.

“The extent of Chinese penetration is a great worry and it has been recognised as a real problem for quite a long time,” he said.

“One of the best things that we did recently was to exclude Huawei from our communications infrastructure. That was a really, really sensible thing to do.”

Former MI6 chief Sir Alex Younger said ministers should be “properly educated” about using their phones after Ms Truss’s security breach

“Levels of education aren’t high enough,” Mr Younger told Times Radio.

“I don’t think people are focusing enough on the risks to their security and their devices. Because these are hidden, threats aren’t properly understood.”

Kill the hack

There are basic steps that can ensure greater personal security. Simply switching an iPhone completely off can stop a hack running by rebooting the system.

“It kills a lot of the tracing programmes that can be placed on your phone and if you did that with Pegasus it will likely be deleted,” the cyber expert said.

“And there are certain things that you can always keep an eye out for, such as if your battery suddenly starts dying or draining really fast that means a hack is ongoing, and the same if it suddenly gets very hot.”

While WhatsApp is understood to be vulnerable to hacking — most likely from US security agencies — the Signal communications app is still considered the most secure, although this is only for sending encrypted information.

If a phone is hacked, then that information can be seen once it is received.

America’s National Security Service [NSA] insists on its personnel using iPhones as they are regarded as the safest, whereas hackers can “drive a coach and horses” through the security on Android phones.

A technique used by NSA operators is delivering information on large video messages ,“because they are so big in data size it's very difficult to either hack it or to just transfer the data right”, the security source said.

Robust systems

The Prime Minister’s spokesman told The National that while the government did not comment on security matters, individual ministers did receive regular briefings on “protecting their personal data and mitigating cyber threats” to prevent hacking.

“We do have robust systems in place to protect against those threats,” he said. “And we take any leaking of information seriously — but I cannot get into the details.”

Updated: November 05, 2022, 10:08 AM