It starts with a crash. Not a loud, not a spectacular one – but a quiet, almost imperceptible glitch in a system that is no longer a technical toy, but a geopolitical echo chamber. When cybersecurity analysts at the firm iVerify began to register an unusual number of unexplained software crashes on smartphones belonging to Western government employees in late 2024, no one yet realized how deep the digital fracture actually ran. What looked like a technical error soon revealed itself as a highly sophisticated, zero-click-enabled espionage operation: an unknown group had infiltrated smartphones – without the targets ever having to click a thing. Affected were individuals in politics, tech, and media – and they all had one thing in common: they had previously been targeted by Chinese cyber operations.
A pattern is emerging. Anyone who believes the main battleground of modern espionage lies in data centers or spy satellites is mistaken. The new front runs straight through our pockets – on devices that trade stocks, distribute power, steer elections, and model war scenarios. And all the while, they are linked to children's toys, outdated apps, and microphones no one is watching anymore. "The world is in a mobile security crisis," says Rocky Cole, former NSA staffer, now COO at iVerify. And not just in the United States. Germany, too, has long known that this threat is not theoretical. In March 2024, a confidential conversation between German Air Force officers about arms deliveries to Ukraine was intercepted – via WebEx, of all things, recorded from Singapore. The recording ended up with the Russian propaganda network RT. The German government was humiliated, the security breach glaringly obvious. In a country that prides itself on exporting technology, it was military communication that ran through a commercial video tool – in the midst of a European war.
China? Denies everything. The government in Beijing points to alleged U.S. double standards, speaks of "despicable Western methods," and has Foreign Ministry spokesman Lin Jian claim that it is not China doing the spying – but the West, which lies, infiltrates, and recruits "CIA-badged spies." And while these accusations trade places like Cold War echoes, a digital operation is unfolding quietly and deeply – powered by artificial intelligence, disinformation networks, and precisely aligned infrastructure.
That Germany is part of this game becomes evident at the latest with the Pegasus affair. Even if no confirmed infection of high-level German politicians has been found, the Federal Criminal Police Office acquired the spyware in 2020 – albeit later under strict limitations. Human rights activists and journalists in Germany were verifiably among the global targets. The message is clear: espionage knows no borders – and no distinction between inside and out. Yet while state actors deploy increasingly precise tools, the security breaches are often opened by those meant to be protected. The White House recently had to confirm that someone impersonating Susie Wiles – Trump’s chief of staff – had contacted governors, senators, and business leaders. The calls didn’t come from her number. But most likely from someone with access to her contact list.
In Germany, too, it wasn’t just the external threat that proved dangerous – but the internal culture of complacency. The domestic intelligence service warned repeatedly about the use of Chinese IT components in sensitive infrastructure – and yet, Huawei routers and surveillance cameras could still be found in police departments, ministries, and even the Bundestag as recently as 2023. While the United States expelled Chinese firms from its networks, Germany was still debating "proportionality."
The danger already resides in the circuitry. The “Cyberbunker” in Traben-Trarbach – a decommissioned NATO bunker turned into a base for botnets, darknet markets, and child pornography – showed how easily German infrastructure could become a global threat vector. Europol was stunned, the BKA dismayed. And yet, the lesson went largely unheeded: smart devices are still sold by the millions, with microphones, cameras, and chips that are rarely updated – but always listening.
The U.S. government is trying to respond – with the “Cyber Trust Mark,” a security label for connected devices that meet federal standards. But how long can a sticker offer protection when a networked Barbie doll contains a built-in microphone? “They’re finding backdoors even in children’s toys,” warns Snehal Antani, former CTO of the Pentagon. What sounds naïve is harsh reality. This is no longer about technology – it’s about statecraft. When Pete Hegseth, Trump’s secretary of defense, installed a private internet line bypassing Pentagon security – just to use Signal on his personal laptop – it revealed how far convenience has displaced caution. That his colleague Mike Waltz accidentally added the editor-in-chief of The Atlantic to a chat group discussing military planning only adds insult to injury.
All of this shows: the biggest weakness in cybersecurity isn’t the technology. It’s the human being – and their desire to trade control for comfort. We must stop thinking of the smartphone as merely a tool. It has long since become a political actor. It decides who listens, who speaks – and who is silenced.
And if we don’t start taking this reality seriously, it won’t be the next attack that surprises us – but the sheer simplicity with which it succeeded.
English 
German 
