100 countries can hack your smartphone, UK government confirms

More than half of the world’s governments today have at their disposal sophisticated commercial spyware tools designed to breach mobile devices and computers in order to steal sensitive information.

This is the alarming picture that emerges from recent intelligence briefings by the British intelligence community. According to the briefings from the National Cyber Security Centre (NCSC) of the United Kingdom, the entry barrier for acquiring these surveillance technologies has drastically lowered.

Such accessibility makes it much easier, for foreign governments and cyber criminals, to target citizens, businesses and critical infrastructure through state-of-the-art spyware.

Hacking smartphones is within reach for 100 countries, according to the UK

Data collected by British authorities show a worrying growth in the number of nations equipped with such capabilities. If in 2023 it was estimated that around 80 countries had access to these tools, today the figure has risen to 100.

The commercial spyware, developed by private companies such as NSO Group with its well-known program Pegasus and Paragon with Graphite, is based primarily on exploiting specific vulnerabilities within the operating systems of smartphones and computers.

Once installed, these programs operate quietly to extract the data contained in the devices. Despite official statements by many governments, which claim to employ these technologies exclusively against high-profile criminals and suspected terrorists, security researchers and human rights defenders have long warned of a grave abuse of such means.

Such tools are often used to target political opponents, activists and journalists, silencing critical voices.

The new victims: from journalism to finance

UK intelligence highlights a significant shift in the types of victims affected by these digital intrusions. In recent years, the reach has broadened to include bankers, journalists and wealthy businessmen, transforming espionage into a direct threat even to the integrity of the economic sector.

During his address at the CYBERUK conference in Glasgow, the NCSC director, Richard Horne, issued a stern warning, stating that British companies are not grasping the gravity of the current situation.

Horne also stressed that most nationally significant cyberattacks suffered by the United Kingdom originate from hostile foreign governments, rather than from independent cybercriminal gangs.

Among these threats stand out the constant intrusions linked to China, aimed at stealing sensitive data and spying on prominent figures, with the probable aim of laying the groundwork for future attacks intended to paralyze any Western military response in case of geopolitical tensions around Taiwan.

The danger of uncontrolled spread

The threat posed by spyware is not limited to government actions. A risk just as serious arises from the possibility that cybercriminals manage to get their hands on these powerful weapons. A recent emblematic case occurred with the online appearance of DarkSword, a hacking kit containing various exploits capable of penetrating modern iPhones and iPads.

This massive code leak has allowed anyone with minimal skills to create websites specifically designed to hack the devices of Apple users who had not yet updated the software of their smartphone to the latest available version.

Episodes like this clearly show that even the most protected spying tools, although originally developed by and for governments, can slip out of control. Their indiscriminate spread potentially jeopardizes the security and privacy of millions of people around the world, exposing them to malicious attacks with devastating consequences.