UK government says 100 countries have spyware that can hack people’s phones

More than half of the world’s governments have access to commercial spyware that can break into computers and phones to steal sensitive information, according to U.K. intelligence.

The U.K. National Cyber Security Centre plans to reveal its findings Wednesday, according to Politico. The report suggests that the barrier to access this types of surveillance technology has fallen, potentially making it easier for foreign governments and hackers to target U.K. citizens, companies, and critical infrastructure with spyware.

It’s also an increase in the number of countries with access to these type of hacking tools, to 100, up from the 80 countries U.K. intelligence estimated in 2023.

Commercial spyware, developed by private companies like NSO Group’s Pegasus and Paragon’s Graphite, often relies on exploiting security flaws in phone and computer software to break into the devices and steal the data within. While governments have claimed that they only use spyware against top criminal and terror suspects, security researchers and human rights defenders have long warned that governments have misused spyware to target their critics and political adversaries, including journalists.

U.K. intelligence now says that the victimology has “expanded” in recent years to include bankers and wealthy businesspeople.

Richard Horne, who runs the U.K. National Cyber Security Centre, said in a speech at the CYBERUK conference in Glasgow that British companies are “failing to grasp the reality of today’s world,” per a pre-released copy of his speech seen by TechCrunch.

Horne said that the majority of nationally significant cyberattacks targeting the United Kingdom has originated from foreign adversarial governments, rather than cybercriminal gangs.

The U.K., along with several other countries, also continues to experience China-linked intrusions aimed at stealing sensitive data, spying on high-profile individuals, and setting the groundwork for potentially disruptive hacks to stall a Western military response ahead of an anticipated Chinese invasion of Taiwan.

The spyware threat facing the U.K. is not just from governments, but also cybercriminals with access to these tools. Earlier this year, a hacking toolkit dubbed DarkSword, containing several exploits capable of hacking into modern iPhones and iPads, leaked online. The tools allowed anyone to set up websites capable of hacking Apple customers who had not yet updated to the most recent version of its mobile software.

The leak of the hacking tools showed — and not for the first time — that even tightly guarded hacking tools developed by and for governments can leak and proliferate out of control, putting potentially millions of people at risk from malicious hacks.