The real spyware threat could be in your pocket

U.S. intelligence agencies are on high alert after CNN reported that Iran is actively preparing cyberattacks aimed at critical government and military infrastructure. But the real threat may already be inside the wire — not from foreign hackers at a keyboard, but from mobile phones unknowingly or deliberately carried into the nation’s most sensitive facilities.

The devices we carry every day are now among our greatest national security vulnerabilities.

In 2025, secrets aren’t stolen with a crowbar. They’re stolen with an app.

Despite years of post-9/11 investments in hardened infrastructure, the federal government has been remiss in investing in a sensor network to keep pace with the risks of wireless technology now embedded in daily life.

When the first iPhone was introduced in 2007, it ushered in a new era of hyper-connected mobility. Since then, innovation has continued to explode, bringing countless benefits but also exposing serious vulnerabilities.

Our most secure government facilities are wide open to wireless threats.

Today, up to 90% of secure government facilities rely on little more than the honor system and self-reporting to keep unauthorized wireless devices — mobile phones, smartwatches, rogue transmitters — out of sensitive compartmented information facilities, special access program facilities, and other high-security zones. In an era of Pegasus spyware and remote malware, this should be viewed as national security malpractice.

Portable security risks

The modern smartphone is a traitor’s dream — portable, powerful, and everywhere. It records audio and video, it transmits data instantaneously via Wi-Fi, Bluetooth, and cellular networks, and it connects to everything — from commercial clouds to encrypted chat apps. And yet these devices are routinely brought into facilities housing classified intelligence data, most often undetected and without consequence.

Take the case of Asif W. Rahman, a former CIA analyst who held a top-secret security clearance and was recently sentenced to three years in federal prison for photographing classified information and transmitting it to unauthorized recipients, who then posted the material to social media. Snapping and sharing photos of classified government documents using a smartphone is stunningly simple, with no high-tech espionage or daring break-ins required.

Every week offers new examples like this. People inside the Department of Defense and State Department have been caught photographing screens, copying documents, and walking classified data right out the door. These are crimes of opportunity, enabled by lax enforcement and outdated security measures.

If a wireless intrusion detection system had been in place, the devices would have triggered an alert and the breaches would have been stopped before they became major national security failures.

Exploiting our weaknesses

Now, with Iran probing for cyber vulnerabilities, the risk of insiders being exploited or coerced into facilitating digital breaches through personal devices has never been higher. And it can happen without a trace if the right wireless defenses aren’t in place.

In 2023, the secretary of defense issued a memo directing all Defense Department offices to install wireless intrusion detection systems to monitor unauthorized devices. The technology works. It detects any device that emits a wireless signal — such as phones, smartwatches, or even printers with Wi-Fi — inside a restricted area. Yet the directive remains largely unfunded and unenforced.

Near-peer adversaries, terrorist groups, and criminal syndicates are exploiting wireless threats to their advantage. They don’t need sophisticated tradecraft and specialized technologies. They simply need to compromise and leverage someone with access and a phone. And with thousands of secure facilities across the country, that opportunity presents itself every day.

In light of the latest intelligence warnings, we need to fund wireless intrusion detection across all SCIFs and SAPFs and educate agency leaders on the vulnerabilities posed by modern smartphones.

We need to hold bad actors accountable — not retroactively or as part of a congressional committee hearing, but by making sure they never have the opportunity to compromise the integrity of national security in the first place.

Protecting digital secrets

The U.S. government has spent billions building concrete walls, locking doors, and implementing network-specific defenses to protect its secrets. But in 2025, secrets aren’t stolen with a crowbar; they’re stolen with an app.

Until we treat the wireless threat with the same seriousness, those secrets will remain just one text message or compromised phone away from unauthorized disclosure of highly classified information.

You can’t protect your most sensitive state secrets if you are blind to the threat. Without action, these vulnerabilities will only grow more dangerous — and more missions and lives may be put at risk.

Editor’s note: This article was originally published by RealClearDefense and made available via RealClearWire.
