Cybersecurity investigators noticed a highly unusual software crash — it was affecting a small number of smartphones belonging to people who worked in government, politics, tech and journalism.
The crashes, which began late last year and carried into 2025, were the tipoff to a sophisticated cyberattack that may have allowed hackers to infiltrate a phone without a single click from the user.
It shows how vulnerable mobile devices and apps are and the risk that security failures could expose sensitive information or leave American interests open to cyberattack, those experts say.
“They were able to listen in on phone calls in real time and able to read text messages,” said Rep. Raja Krishnamoorthi of Illinois. He is a member of the House Intelligence Committee and the senior Democrat on the Committee on the Chinese Communist Party, created to study the geopolitical threat from China.
Chinese telecom firms still maintain some routing and cloud storage systems in the U.S. — a growing concern to lawmakers.
“The American people deserve to know if Beijing is quietly using state-owned firms to infiltrate our critical infrastructure,” U.S. Rep. John Moolenaar, R-Mich. and chairman of the China committee, which in April issued subpoenas to Chinese telecom companies seeking information about their U.S. operations.
Mobile devices can buy stocks, launch drones and run power plants. Their proliferation has often outpaced their security.
It’s unclear how the person obtained Wiles’ connections, but they apparently gained access to the contacts in her personal cellphone, The Wall Street Journal reported. The messages and calls were not coming from Wiles’ number, the newspaper reported.
Federal officials launched a program this year creating a “cyber trust mark” for connected devices that meet federal security standards. But consumers and officials shouldn’t lower their guard, said Snehal Antani, former chief technology officer for the Pentagon’s Joint Special Operations Command.
“They’re finding backdoors in Barbie dolls,” said Antani, now CEO of Horizon3.ai, a cybersecurity firm, referring to concerns from researchers who successfully hacked the microphone of a digitally connected version of the toy.
It doesn’t matter how secure a mobile device is if the user doesn’t follow basic security precautions, especially if their device contains classified or sensitive information, experts say.
China and other nations will try to take advantage of such lapses, and national security officials must take steps to prevent them from recurring, said Michael Williams, a national security expert at Syracuse University.
“They all have access to a variety of secure communications platforms,” Williams said. “We just can’t share things willy-nilly.”
