FBI Warns Congress: White House Chief of Staff’s Phone Hacked, Senator Slams “Inadequate” Mobile Security Advice
The FBI held a closed-door briefing for members of the U.S. Congress to bolster mobile device security after the contact list from the personal smartphone of White House Chief of Staff Susie Wiles fell into the hands of malicious actors. According to sources, the list was used to send messages and place calls impersonating Wiles in an attempt to reach U.S. lawmakers.
As reported by The Wall Street Journal, the perpetrators not only sent messages and made calls, but allegedly used artificial intelligence to mimic Wiles’s voice. The official informed her inner circle that her phone had been compromised and her contact list stolen—granting the attackers access to the phone numbers of some of the nation’s most influential political figures.
Although the attack appeared to be more of a financial extortion attempt than an operation by a professional intelligence service, its repercussions proved to be far more serious. Lawmakers grew suspicious when the impostor Wiles began asking questions about Donald Trump that she should have known the answers to and requested money transfers. Recipients of the messages noted the strange, overly formal tone and grammatical errors. Additionally, the messages and calls did not originate from Wiles’s known number.
The situation was further exacerbated by the murder of former Minnesota House Speaker Melissa Hortman and her husband, as well as the attack on State Senator John Hoffman and his wife. In the wake of these events, the FBI convened a meeting with Senate staffers, drawing over 140 attendees—a highly unusual turnout for such events, particularly in the absence of the customary complimentary refreshments.
Nevertheless, Senator Ron Wyden, one of the most technologically adept members of the Senate, criticized the FBI’s guidance as woefully inadequate. In a letter to FBI Director Kash Patel, he denounced the agency for offering only basic recommendations—such as avoiding suspicious links, keeping software updated, disabling Bluetooth, and regularly rebooting devices.
According to Wyden, these measures are insufficient to safeguard Congressional staff and other high-profile targets from cyber-espionage groups equipped with cutting-edge surveillance tools. So-called “zero-click” exploits, which allow for device infection without any user interaction, are now widely available on the market—sold by private firms to nation-states.
Wyden urged the FBI to mandate the use of advanced protective features already embedded in mobile platforms. These include Apple’s “Lockdown Mode,” designed specifically for individuals at risk of targeted attacks. This mode disables non-essential system functionalities, significantly reducing potential attack surfaces. A comparable feature, “Enhanced Protection Mode,” is available for Android devices.
In addition, the senator recommended an overhaul of cybersecurity training programs to raise awareness of supplementary protective practices. These include disabling advertising identifiers, rejecting ad network tracking, using ad blockers, and avoiding services that collect personal data—tools which, according to investigators, enabled the suspect to identify the victims’ home addresses in the Minnesota attacks.
Wyden emphasized that while the FBI has issued similar advice in scattered bulletins over the years, such fragmented guidance is no longer sufficient in the face of current threats. Recommendations must be clear, comprehensive, and mandatory.
Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, endorsed the initiative. He argued that all members of Congress and their aides should, by default, activate “Lockdown Mode” or equivalent protections on their devices. He recalled that in September 2023, Citizen Lab successfully thwarted an iOS attack using Lockdown Mode—the exploit relied on a zero-day vulnerability that could have silently installed spyware.
More recently, Citizen Lab uncovered another similar campaign: a compromised media file sent via iMessage was used to infect journalists’ devices. The vulnerability, tracked as CVE-2025-43200, was patched by Apple in February 2025 with the release of iOS 18.3.1.
While Apple has not commented on whether the flaw could have bypassed Lockdown Mode, the same month it addressed another critical vulnerability—CVE-2025-24200—which allowed attackers with physical access to a locked device to disable USB protections.
Experts note that once a device falls into an adversary’s hands, no digital safeguard can guarantee its security. As a result, emphasis is increasingly placed on preventive measures against remote infections—particularly those built directly into mobile operating systems.
