The tools of espionage have changed. Forget spies in trench coats; the modern operative’s most effective weapon is the mobile phone in your pocket. Free messaging apps, aging telecommunications infrastructure, and the accelerating power of AI have created an ideal environment for mobile espionage, turning personal devices into a primary national security threat.
As I said in this fascinating podcast chat with Karissa Breen from KBI Media, the cherry on top of the criminal ice cream sundae is AI. It is making it easy for attackers to weaponize data at scale.
A Trillion-Dollar Problem
This isn’t a distant problem. Globally, cyber-enabled espionage and fraud is estimated to have cost more than USD $1.03 trillion in 2024. In Southeast Asia alone, annual losses surpass $35 billion. Australia’s spy chief, Mike Burgess from the Australian Security Intelligence Organization (ASIO), recently issued a stark warning that espionage costs the nation over $12 billion each year – a figure he called conservative. These are not just numbers. They represent stolen intellectual property, destabilized economies, and compromised government operations.
The New Attack Surface: Your Mobile Device
Our phones are central to modern life. We use them for banking, work, and sensitive communications. Yet, we often overlook how exposed these devices are. This vulnerability is driven by three key factors:
- Outdated Infrastructure: Many regions still rely on 2G and 3G networks. Some of this technology contains unpatchable flaws, providing attackers with known, permanent backdoors into mobile communications. More than 80 countries have already confirmed mobile intrusions by certain espionage actors, with over 600 organizations compromised through stolen call logs and location data.
- Consumer Messaging Apps: Free applications are not truly free. They monetize user metadata, including location, contacts, and even file previews are collected, packaged, and sold. This data inevitably finds its way into criminal and state-sponsored ecosystems, providing a rich source of intelligence for targeted attacks.
- Weaponized AI: Artificial intelligence has supercharged the threat landscape. Attackers now leverage AI to impersonate CEOs, mimic the voices of family members, and automate sophisticated campaigns at an unprecedented scale. Scams like "pig butchering," where criminals build fake relationships over months to commit investment fraud, or deepfake voice attacks where attackers trick employees into transferring funds, are becoming industrialized.
Productivity and Protection Must Go Hand in Hand
Safeguarding critical government operations demands uncompromising communication security. However, if security measures impede productivity, employees will inevitably find workarounds. A restrictive work phone often leads users to switch to their personal devices for convenience, inadvertently opening a door for attackers who exploit this behavior.
We must recognize the mobile device for what it has become: a primary attack surface. This requires a fundamental shift in how we approach security. A clear distinction must be made between casual conversations and sensitive communications. While a free messaging app may be suitable for personal chats, it is entirely inappropriate for discussing government strategy, corporate earnings, or critical operational details.
Effective security cannot be an afterthought. It must be integrated seamlessly into the user’s workflow. This means deploying solutions that deliver both robust protection and intuitive productivity. Organizations need better technology, but they also need to cultivate better security behaviors. The first step is acknowledging that not all conversations belong on consumer-grade applications.
The Path Forward: A Call for Urgent Action
In this podcast, we discuss how governments are beginning to respond. The United States recently issued new guidance on mobile security, and cross-border collaboration is improving. Frameworks are emerging, and critical conversations are taking place. But we are in an arms race, and time is not on our side. Attackers are moving faster, using automation and AI to scale their operations with alarming efficiency. Our phones are no longer just consumer gadgets; they are critical infrastructure. We must treat their security with the urgency it deserves.
These issues are at the heart of the mobile security conversation we need to have—not just as security professionals, but as citizens, leaders, and parents. I will be addressing this challenge directly at SXSW Sydney in Australia, October 13 to 19.
- Join me on October 13 for a panel discussion on Leadership through Transformation, sharing some of BlackBerry’s firsthand experiences and lessons, alongside other industry leaders.
- On October 14, I will deliver a talk on the rise of mobile espionage, sharing case studies, insights from the field, and predictions for what lies ahead.
The new front line for national security is in our hands. It is time to secure it. Connect with BlackBerry to learn how to implement a sovereign, trusted framework for your organization’s mobile communications.
