BEIJING: China’s Ministry of State Security (MSS) on Thursday warned that while smart devices have become deeply embedded in daily life, work, and education, they also pose hidden risks that, if not properly managed, could endanger national security.
In the article released on its WeChat account, the MSS mentioned a report released by the China Cybersecurity Industry Alliance (CCIA) on March 25, which exposes large-scale cyberattacks and long-term surveillance operations conducted by US intelligence agencies targeting mobile smart devices worldwide.
The frequent breaches of smart terminals highlight that such devices have become key targets in state-level cyber warfare, with their security defenses now facing unprecedented challenges on an invisible battlefield, said the report.
The article listed several ways in which smart devices could be exploited for secret data theft. For example, SIM cards, used as user identity modules in mobile communication systems, store identity credentials and encryption keys.
In previously reported cases, attackers exploited unpatched vulnerabilities by sending specially crafted messages to remotely activate the SIM card’s built-in browser. This enabled them to track users’ locations, steal text messages, or even initiate phone calls—all without any physical contact with the device. Such attacks have placed more than one billion phones worldwide at risk. Some cases have also revealed that companies in certain country deliberately provided backdoors to their intelligence agencies, enabling the silent installation of spyware. Thousands of infected phones were identified, many of which belonged to foreign government personnel. Attackers could exploit vulnerabilities in the built-in messaging services of certain operating systems, gaining full control of a device without any user interaction.
Some pre-installed mobile apps can also function as covert data extraction tools. For example, certain telecom provider embedded diagnostic software in smartphones that secretly collected sensitive data such as message content and call logs. In a 2015 revelation by foreign media, intelligence agencies of the Five Eyes alliance launched the Irritant Horn program, hijacking download links from popular app stores to replace legitimate apps with spyware-laced versions. This operation exposed hundreds of millions of users to massive data leaks, often without their knowledge.
Mobile networks play a vital role in secure communications. However, attackers can compromise these networks through backbone hijacking, base station spoofing, or internal system infiltration. By injecting malicious code into 4G/5G signals and using fake base stations to force devices to downgrade to 2G, where communications are typically unencrypted, they can intercept and extract sensitive information at various points along the transmission chain.
To counter the invisible threat of intelligence breaches via smart devices, a hidden web of covert data theft, the MSS emphasized the need to build a comprehensive, multilayered security system. This system should safeguard every level of the ecosystem, from hardware and operating systems to data and application environments, in order to effectively prevent and mitigate data leakage risks from smart terminals.
It also stressed the importance of public cybersecurity awareness, especially personnel on sensitive positions, encouraging users to avoid unverified devices and apps, stay cautious of suspicious links, and practice good digital hygiene. –The Daily Mail-Global Times news exchange item
