Mobiles are inherently insecure, which may come as a surprise to UK politicians | Hacking
It is no longer news to point out that a cell phone, if hacked, can be the ultimate tool for surveillance. But the question is whether it is a surprise to British politicians – and whether they are using their devices wisely or carelessly.
We will almost never know exactly what happened to Liz Truss’ phone. The then foreign secretary had to abruptly ditch her main number and pick up a new government-issued handset in the summer, just as it emerged she was likely to become the next prime minister after Boris Johnson.
Political insiders say the fear was that Russian actors had hacked into the politician’s phone, although the security community is said to be less sure what happened even now, three months later. What has been agreed is that Truss would have to change his main number quickly in the summer, such was the anxiety in Whitehall.
But it comes after a series of similar concerns about ministerial mobile phone security, not least that Boris Johnson’s phone number was freely available online for 15 years – and that the UAE was accused by forensic experts of trying to hack into phones in Downing Street and Foreign Office, a claim that Abu Dhabi denies.
The reality is that a mobile phone is inherently insecure, but like everyone else, a politician will want and indeed need to use one. So the question is: what information is shared via a politician’s mobile and how sensitive is it?
Ministers are given a security briefing when they enter office and are told they could be prosecuted under the Official Secrets Act if they send highly classified information via a mobile device, or indeed by other means.
But they are not forced to give up their personal phones: a more secure, government case can be offered, but for some ministers, including Johnson, it may be a while before their old phone is valued from them.
On the other hand, it is unlikely that Truss would have been careful enough to share secret or top secret papers via her phone. A former Whitehall insider said it would require her to “carry out very complicated document transfers” or ask someone else to do them for her in breach of the rules.
But other ministers have done stupid things. A personal email account belonging to Liam Fox, the former trade secretary, was repeatedly hacked by Russians in 2019, who then stole classified documents relating to US-UK trade talks – a reminder of how carefully Suella Braverman’s recent use of a personal email post account can be.
At the time of the security alert surrounding Truss’s phone, the concern was that her WhatsApp messages – possibly dating back several months – had been compromised. Some of this is likely to be cabinet gossip, backchat with colleagues and allies, or other inside material that affects the government’s business.
Much may not be fundamental to the state’s confidential business. But Peter Ricketts, a former national security adviser, describes it as material in “a problem area” in that while it is “not strictly classified, it can be quite sensitive”.
A ruckus at the heart of government could be of interest to spying eyes, especially if it concerned foreign or defense policy, as could communications with foreign leaders.
The reality, Ricketts argues, is that ministers need to use their mobile phones and their personal emails wisely – and that they are not short of official advice on how to do so. What is less certain is whether ministers will pay attention.