After liz truss's smartphone "hack", will ministers finally take cybersecurity seriously?

National security concerns have been raised following reports that Liz Truss had her personal phone hacked by a foreign entity, which many have presumed to be Russia, while she was foreign

secretary. Over a year’s worth of conversations, including sensitive messages and exchanges with international foreign ministers about the war in Ukraine, are believed to have been accessed

by the hackers. It wasn’t until the Tory leadership campaign this summer that security services noticed that Truss’s phone had been compromised, the _Mail on Sunday_ reports. Boris Johnson,

the prime minister at the time, and Simon Case, the cabinet secretary and head of the civil service, imposed a “news blackout” on the hack, the paper alleges.  Truss’s device is reported to

be so heavily compromised that it has been placed in a locked safe in “a secure government location”. There have been calls for a full investigation. The government is yet to confirm whether

Truss, who was foreign secretary from September 2021 until her short-lived tenure as prime minister, indeed had her device compromised. Michael Gove, the Levelling Up Secretary, told Sky

News that the government took these matters “incredibly seriously” but he did not know the full details “of what security breach, if any, took place”. A government spokesperson said that

they “do not comment on individuals’ security arrangements” and added that the government “has robust systems in place to protect against cyber-threats”, which includes “regular security

briefings for ministers”. This month Suella Braverman, the Home Secretary, initially resigned after sending confidential policy documents to an adviser outside of government, and was later

rehired to her post by Rishi Sunak when he became Prime Minister. Is there a need for official rules setting out how government officials conduct business and handle sensitive documents? And

if the reports are true and Truss’s phone was hacked by Russia, what does it mean for national security? “It’s a very big deal,” Alan Woodward, a forensic computing expert at the University

of Surrey, told _Spotlight_. “Imagine being able to walk into the room and listen to the conversations, read the messages of a foreign secretary when you’re a foreign power. It’s what every

intelligence service wants to know: what the person on the other side of the table is thinking, what their intentions are; who are they allying themselves to.” _[SEE ALSO: THE POLICY ASK

WITH MARK GIROLAMI: “COMPUTER SCIENCE SHOULD BE COMPULSORY AT GCSE LEVEL”]_ The most likely way in which Truss’s phone could have been compromised is by sophisticated spyware technology

being installed onto it, Woodward said. In theory there are two ways that could be carried out: either by exploiting vulnerabilities in some of the software used on the phone, or by foul

play, with someone getting “physical access to your phone, and being able to plug something in, and uploading [spyware] to your device”. MPs are known to frequently use messaging services

such as WhatsApp, where messages are protected by end-to-end encryption, but hackers could still access those messages if they had installed spyware, Woodward warned. “If it’s the right type

of spyware, and it’s able to access enough on the phone, then anything on the phone – which includes messages from encrypted messaging services, emails, and potentially microphones, cameras

and GPS – could be accessed.” Officials have what Woodward referred to as a “BYOD” (bring your own device) problem: ministers often prefer to conduct official business on their personal

phones, as opposed to more secure government devices, for the sake of convenience. “If someone’s using their own device [things] can get very porous. It’s almost inevitable that someone’s

going to find a weak spot and target that device. When you’re a high-value target like Liz Truss, you’ve got to expect that you’re going to be targeted.” Today’s sensitive geopolitics make

the possibility of a hack on Truss’s phone even worse, Woodward said. “I wouldn’t be surprised if foreign agencies haven’t been trying to do it to many politicians. Unfortunately, this is in

a period where she appears to be having some very sensitive conversations on non-government channels. It’s terribly convenient, but you shouldn’t be having those conversations on your own

[personal] device.” Politicians are given “a lot” of advice on protecting their correspondence, which includes not using personal phones for official business, from the National Cyber

Security Centre and other government agencies, said Woodward, “but whether they’re sticking to it or not, I have my doubts – simply because of the convenience.” “They’re told endlessly not

to do it, but I’m afraid they do, as seen with Suella Braverman,” he continued. The Home Secretary has admitted sending government documents to her personal email address, and sending a

sensitive document to a colleague from her private phone. “That’s just a no-no – you may as well send a postcard, email is just that insecure.” To protect politicians, and by extension

national security, Woodward suggested that a ban on conducting official business on personal phones should be written into the ministerial code, and that those in the highest ranks of

government should have their devices checked regularly for abnormalities. While calls for an investigation into the alleged hack persist, concerns about hostile foreign agencies targeting

politicians will only continue, Woodward said. “It’s not just a sign of things to come, but where we already are,” he said. “Mobile devices are very desirable. It’s Christmas if you can get

into it and control it.” _[SEE ALSO: NHS DIGITAL’S MIKE FELL: “CYBERSECURITY CAN SOUND BIZARRE, BUT GETTING IT WRONG PUTS PATIENTS AT RISK”]_ Topics in this article : Boris Johnson , Cyber ,

Cybersecurity , Liz Truss , pwfree , Russia , UK government