(Photo: CFP)
US intelligence agencies have been systematically infiltrating mobile devices worldwide to steal sensitive data, a cybersecurity report reveals, which was released by the China Cybersecurity Industry Alliance (CCIA) on March 25.
The report, titled "Mobile Cyberattacks Conducted by US Intelligence Agencies", alleges that U.S. agencies use sophisticated hacking tools to access SIM cards, operating systems, WiFi, Bluetooth, GPS, and mobile networks, enabling them to track users and intercept communications on a massive scale.
According to the report, these activities not only target individual devices but also extend to data centers, major IT vendors, and the entire mobile ecosystem—raising profound concerns over global cybersecurity and national sovereignty.
Exploiting iOS vulnerabilities
The report highlights that U.S. agencies have exploited weaknesses in Apple's iMessage service to deploy spyware on iPhones.
By injecting malicious code through iMessage, these agencies achieve so-called "zero-click" exploits that allow them to infiltrate devices without any user interaction. This method enables prolonged, covert data extraction—a claim supported by research from cybersecurity firm Kaspersky.
Weaponizing commercial spyware
In addition to exploiting software vulnerabilities, the report exposes how U.S. intelligence has repurposed commercial spyware to bolster its surveillance efforts.
Notably, the Pegasus software developed by Israel's NSO Group has been deployed to monitor high-profile targets, including heads of state and political figures in countries such as France and Pakistan. This powerful tool can covertly access mobile devices, extract sensitive data, and track user activities, underscoring the global reach of these operations.
IRRITANT HORN project
The report also sheds light on a project known as IRRITANT HORN. Under this operation, the Network Tradecraft Advancement Team (NTAT)—established by the Five Eyes Alliance—has been involved in secondary data collection.
By exploiting data gathered from various mobile applications and internet platforms, including a widely used Chinese mobile browser that transmits private phone numbers, SIM card details, and device identifiers, U.S. agencies have expanded their surveillance capabilities.
A global threat
With mobile phone ownership reaching 78 percent among people aged 10 and above and mobile broadband coverage with 3G and above at 95 percent globally—figures cited in the International Telecommunication Union's 2023 Facts and Figures Report—the stakes are high.
The CCIA report warns that if these extensive cyber-espionage activities continue unchecked, they will not only erode personal privacy but also pose a severe threat to national security worldwide.
Together with previous investigations such as the Volt Typhoon report by China's National Computer Virus Emergency Response Center, these findings add to mounting evidence of longstanding U.S. surveillance and espionage activities. The revelations have prompted calls for enhanced international cooperation to counter these threats and for the U.S. to explain its actions in a responsible manner.
Reporter | Liu Xiaodi, Ouyang Zixuan (intern)
Editor | Yuan Zixiang, James, Shen He
