Chinese hackers targeted Donald Trump’s phones, tapping key vulnerability in telco networks
Experts have identified a security flaw in telco networks – including in Australia – after Chinese hackers targeted the phones of Donald Trump and others during the election campaign.
Cyber security experts have identified a security flaw in telco networks – including Australia’s – after hackers linked to the Chinese government targeted the phones of Donald Trump and others during the election campaign.
The attack burrowed deep into US telecommunication networks, collecting metadata, such as call logs, as well as scooping up unencrypted texts and some audio, with vice president-elect JD Vance notified that his phone had been targeted.
The strike lasted for at least eight months, revealing how mobile phones have become the main attack point for cyber criminals and state-sponsored bad actors. And it’s not just politicians who are being targeted, with hackers looking to infiltrate the phones of everyday users to glean sensitive information to stage Medibank-style attacks.
BlackBerry – best known for its smartphones, which it stopped making in 2017 – is now focusing on developing software for secure communications and says the hacks expose how telcos trade off “reachability” for security.
David Wiseman, BlackBerry vice-president of secure communications, said the alleged targeting by Chinese espionage groups of the cellphones of Mr Trump and Mr Vance, as well as Democrat staffers of Kamala Harris’s campaign, highlights the “escalating threat to political figures by foreign adversaries”.
“The types of information potentially found on politicians’ phones can be invaluable to foreign intelligence agencies attempting electoral interference or other objectives that threaten national security,” he said.
“This scenario exposes vulnerabilities in telecommunications infrastructure and raises concerns about the effectiveness of current cybersecurity measures. Metadata generated by communications via ‘free’ apps for voice calls and messaging can be easily traded, fuelling ‘wire-tapping-as-a-service’ markets that are readily available for purchase on the internet.
“This underscores the harsh reality that trust placed in uncertified apps does not extend to what happens with your metadata.”
But it’s not just politicians. Texas-based Zimperium – which has built a mobile threat defence shield in Canberra – has revealed new malware, called FakeCall, that uses a range of techniques including what is known as “voice phishing” to trick people into divulging personal and sensitive information that can be used to commit identity fraud and financial crime.
“The malware can intercept and control incoming and outgoing calls, covertly making unauthorised connections. In this case, users may be unaware until they remove the app or restart their device,” Zimperium said.
Mr Wiseman has previously warned of cybercriminals and state-sponsored bad actors using fake mobile towers, known as dirtboxes, that can be bought for several thousand dollars, to intercept mobile communications.
He said the key vulnerability in public telecom networks was that they were designed primarily around reachability, so that any number can easily call or text any other number in the world, which was core to their value.
“This also implies that automated interconnections must exist between the networks of all the carriers worldwide,” Mr Wiseman said.
“While this is core to the value that telecom networks provide to consumers it also means that security trade-offs must take place. The most significant one is around identity and specifically around the lack of identity validation in the public networks. Identity spoofing and spam communications are endemic and almost impossible to stop.
“In addition, the carrier interconnect cellular roaming protocols introduce the ability for potentially malicious carriers to redirect and intercept cellular connections for any phone number without the end user being aware this has occurred. This has led to the existence of criminal entities providing call interception as a service.”
Mr Wiseman said the solution lies in cryptographic authentication, which is crucial for ensuring secure communication channels and preventing identity spoofing, identity fraud, and deepfakes.
“Governments and campaign teams must prioritise secure, military-grade communication solutions that ensure full sovereign control over data to prevent eavesdropping, unauthorised access and espionage. This will significantly enhance the protection of sensitive information and national security and help uphold the integrity of democratic processes.”