This story originally was published by Real Clear Wire.
By Terry Thompson
Real Clear Wire
The Iran Cyber Threat Is Real—And Our Phones Are Making It Worse
U.S. intelligence agencies are currently on high alert, responding to reports from CNN that Iran is gearing up for cyberattacks against crucial government and military infrastructure. However, the real danger might not be lurking behind a computer screen overseas but rather right in our pockets—mobile phones, either unknowingly or deliberately brought into the most sensitive areas of our national security, have become a significant vulnerability.
Despite years of post-9/11 investments aimed at fortifying infrastructure, the federal government has neglected to develop a comprehensive sensor network that keeps pace with the wireless threats embedded in our everyday lives.
When the iPhone debuted in 2007, it marked the beginning of an age characterized by relentless connectivity and innovation. While this technological explosion has provided numerous advantages, it has simultaneously revealed glaring vulnerabilities.
Shockingly, our most secure government installations remain largely susceptible to wireless threats.
Currently, as much as 90% of secure government facilities operate on little more than the honor code and self-reporting to prevent unauthorized wireless devices—such as mobile phones, smartwatches, and rogue transmitters—from entering Sensitive Compartmented Information Facilities (SCIFs), Special Access Program Facilities (SAPFs), and other high-security zones. In an era of sophisticated spyware like Pegasus and pervasive remote malware, this oversight can only be described as gross negligence in national security.
The modern smartphone is the perfect accomplice for espionage—compact, powerful, and omnipresent. It can record audio and video, transmit data instantaneously through WiFi, Bluetooth, and cellular networks, and connect to myriad platforms—from commercial clouds to encrypted chat applications. Alarmingly, these devices frequently find their way into facilities housing classified intelligence data, often unnoticed and without repercussions post-exfiltration.
Consider the case of Asif W. Rahman, a former CIA analyst with a top-secret security clearance. He was recently sentenced to three years in federal prison for photographing classified information and transmitting it to unauthorized parties, who then shared the material on social media. The simplicity of snapping and disseminating photos of classified documents using a smartphone is astounding—no high-tech espionage or daring heists required.
New instances of such breaches emerge weekly. Individuals within the Department of Defense and State Department have been caught photographing screens, copying documents, and physically removing classified data. These are crimes of opportunity, made possible by lax enforcement and outdated security protocols.
If a wireless intrusion detection system (WIDS) had been implemented, these devices would have triggered alerts and prevented these breaches from escalating into significant national security crises.
With Iran actively probing for cyber vulnerabilities, the risk of insiders being manipulated or coerced into facilitating digital breaches via personal devices has reached unprecedented levels. This can occur without a trace if appropriate wireless defenses are not established.
In 2023, the Secretary of Defense issued a memo urging all Department of Defense components to install WIDS to monitor unauthorized devices. This technology functions effectively by detecting any device emitting a wireless signal, including phones, smartwatches, and even WiFi-enabled printers, within restricted areas. Yet, this directive remains largely unfunded and unenforced.
Let’s be clear: near-peer adversaries, terrorist organizations, and criminal networks are capitalizing on wireless vulnerabilities to further their agendas. They don’t require a sophisticated toolkit or specialized technology. They merely need to compromise and exploit individuals with access and a smartphone. With thousands of secure facilities across the nation, the potential for breaches is ever-present.
In light of the latest intelligence assessments, it is imperative that we allocate funding for wireless intrusion detection across all SCIFs and SAPFs while educating agency leaders about the vulnerabilities posed by modern smartphones.
Accountability for bad actors must not be an afterthought or relegated to congressional hearings; we must ensure that they are prevented from ever compromising the integrity of national security in the first place.
While the U.S. government has invested billions in constructing concrete barriers, locked doors, and network-specific defenses to safeguard our secrets, we must acknowledge that in 2025, secrets are not stolen with a crowbar; they are pilfered with an app. Until we treat the wireless threat with the seriousness it deserves, those secrets will remain just a text message or compromised phone away from unauthorized exposure of Classified National Security Information.
It is impossible to safeguard the most sensitive state secrets while remaining oblivious to the threat. Without decisive action, these vulnerabilities will only intensify, endangering more missions and lives in the process.
Col. Terry Thompson (U.S. Air Force, ret.), served as a war planner at the Pentagon and commanded a wing at Dyess Air Force Base, Texas.
This article was originally published by RealClearDefense and made available via RealClearWire.
