Hackers, highly likely to be state-sponsored, continue successfully targeting White House officials. In a latest of these incidents, chief of staff John Kelly (former Secretary of Homeland Security) has been reported to have used a compromised phone for as long as a few months.
In a report, Politico said that Kelly waited months before reporting the problems with his phone to the White House tech support staff, leading the White House to believe that sensitive data may have been stolen.
"The discovery raises concerns that hackers or foreign governments may have had access to data on Kelly’s phone while he was secretary of Homeland Security and after he joined the West Wing."
"Phone hadn't been working properly for months," White House COS
Citing at least three US government officials, the report said that the phone may have been compromised in December, last year. However, Kelly didn't report the issues, including the fact that he was unable to install new updates, to the support staff until months later.
"Tech support staff discovered the suspected breach after Kelly turned his phone in to White House tech support this summer complaining that it wasn’t working or updating software properly.
"Kelly told the staffers the phone hadn’t been working properly for months, according to the officials."
The hack of White House chief of staff's phone is coming to light only now because the Trump administration produced a memo about the incident last month. The administration is concerned about the data that could have been stolen from Kelly during both his appointments as Secretary of Homeland Security and now as chief of staff.
While it isn't confirmed what phone Kelly was using that had been breached by the state-sponsored hackers, Kelly has been seen using iPhone on several occasions. White House spokesperson said that Kelly didn't use that phone often and has now moved on to a different one. "This official said Kelly relied on his government-issued phone for official communications," Politico added.
Security experts say that the worst case scenario would be complete access, which is what the West Wing is concerned about, currently reviewing Kelly's travel schedule. Bill Marczak of the Citizen Lab said:
“The [attackers] I would be most worried about are nation-states or other actors who may have access to resale of commercial spyware sold to nation-states.
"The average user won’t notice anything at all. Really, the only way to pick up on that is to do forensics on the phone."
Since the so-called "Clinton hack" last year, security experts have warned the US government officials to be more careful with their cybersecurity. However, officials continue disregarding security protocols, using personal emails for government business and neglecting potential security issues in their devices.
White House hasn't officially assigned blame to anyone for this hack. The administration, despite testing the phone for several weeks now, also hasn't revealed how the attack was carried out.
