- Groups linked to China's intelligence service have targeted smartphones of people working in government, politics, technology and journalism, according to national security and technology experts.
WASHINGTON: Cybersecurity investigators have spotted a highly unusual software glitch that has affected a small number of smartphones belonging to people working in government, politics, technology and journalism.
The outages, which began late last year and continued until 2025, were a harbinger of a sophisticated cyberattack that could allow hackers to infiltrate a phone without a single click from the user.
The attackers left no evidence to reveal their identities, but investigators from cybersecurity company iVerify noticed that all the victims had one thing in common: they worked in areas of interest to the Chinese government and had been targeted by Chinese hackers in the past.
Foreign hackers increasingly identify smartphones, other mobile devices and the apps they use as a weak link in U.S. cyber defenses. Groups linked to China’s military and intelligence services have targeted the smartphones of high-profile Americans and penetrated deep into telecommunications networks, national security and technology experts say.
Experts say it shows how vulnerable mobile devices and apps are, and the risk that security breaches could expose sensitive information or leave American interests open to cyberattacks.
“The world is in a mobile security crisis right now,” said Rocky Cole, a former cybersecurity expert at the National Security Agency and Google who is now chief operating officer of iVerify. “Nobody is monitoring phones.”
US sees China as threat, Beijing makes its own accusations
In December, US authorities warned of a widespread Chinese hacking campaign aimed at gaining access to the text messages and phone calls of an unknown number of Americans.
“They were able to listen to phone calls in real time and read text messages,” said Rep. Raja Krishnamoorthi of Illinois, a member of the House Intelligence Committee and the ranking Democrat on the Committee on the Communist Party of China, which was created to study the geopolitical threat posed by China.
Chinese hackers also tried to gain access to phones used by Donald Trump and his running mate J.D. Vance during the 2024 campaign.
The Chinese government has denied the cyber-espionage allegations and accused the United States of conducting its own cyber operations. It says America is citing national security as justification for imposing sanctions on Chinese entities and keeping Chinese tech companies out of global markets.
“The United States has long used all sorts of disgusting methods to steal other countries' secrets,” Chinese Foreign Ministry spokesman Lin Jian said at a recent press conference in response to questions about the CIA's efforts to recruit Chinese informants.
U.S. intelligence officials have said China poses a significant and ongoing threat to U.S. economic and political interests and uses the tools of digital conflict: online propaganda and disinformation, artificial intelligence, cyber surveillance and espionage, to provide a significant advantage in any military conflict.
Mobile networks are the biggest concern. The U.S. and many of its closest allies have banned Chinese telecoms from using their networks. Other countries, including Germany, are gradually shedding Chinese involvement over security concerns. But Chinese tech companies remain a significant part of many countries’ systems, giving state-controlled companies a global footprint they can use for cyberattacks, experts say.
Chinese telecom companies still use some U.S. routing and cloud storage systems, raising growing concerns among lawmakers.
“The American people deserve to know whether Beijing is covertly using state-owned companies to penetrate our critical infrastructure,” said John Moolenaar, a Michigan Republican and chairman of the House China Committee, which in April subpoenaed Chinese telecom companies for information about their activities in the U.S.
Mobile devices have become Intel's treasure trove
Mobile devices can buy stocks, launch drones, and control power plants. Their adoption has often outpaced their security.
The phones of senior government officials are particularly valuable because they contain sensitive government information, passwords, and provide an inside look into political discussions and decision-making.
Last week, the White House said someone posing as Susie Wiles, Trump's chief of staff, had been contacting governors, senators and business leaders via text messages and phone calls.
It is unclear how the man obtained Wiles' contacts, but he apparently accessed contacts on her personal cellphone, The Wall Street Journal reported. No messages or calls came from Wiles' number, the newspaper reported.
While most smartphones and tablets come with robust security, apps and connected devices often lack the protection or regular software updates needed to stay ahead of emerging threats. This makes every fitness tracker, baby monitor, or smart device another potential staging area for hackers looking to break into networks, steal information, or infect systems with malware.
Federal officials this year launched a program to create a “cyber trust mark” for connected devices that meet federal security standards. But consumers and officials should not let their guard down, said Snehal Antani, former chief technology officer of the Pentagon’s Joint Special Operations Command.
“They are finding backdoors in Barbie dolls,” said Antani, now CEO of cybersecurity company Horizon3.ai, referring to the concerns of researchers who managed to hack the microphone of a digital version of the toy.
Risks arise when smartphone users fail to take precautions
Experts say it doesn't matter how secure a mobile device is if the user doesn't take basic security precautions, especially if their device contains sensitive or confidential information.
Mike Waltz, Trump's resigning national security adviser, inadvertently added The Atlantic's editor-in-chief to a Signal chat used to discuss military plans with other senior officials.
Defense Secretary Pete Hegseth had an Internet connection installed in his office that bypassed Pentagon security protocols so he could use the Signal messaging app on his personal computer, the AP reports.
Hegseth denied claims that he shared classified information on Signal, a popular encrypted messaging app that is not approved for sharing classified information.
China and other countries will try to exploit such lapses, and national security officials must take steps to prevent them from happening again, said Michael Williams, a national security expert at Syracuse University.
“They all have access to different secure communication platforms,” Williams said. “We just can't share things as we please.”
