Boris Johnson may have put himself at “increased risk” from snooping by hostile states and criminal gangs by leaving his personal mobile phone number online for 15 years, the UK’s former national security adviser has warned.
The number is understood to have been deactivated soon after gossip email Popbitch revealed on Thursday that it could be found on the internet at the bottom of an old press release issued in 2006, when Mr Johnson was the backbench MP for Henley.
Labour leader Sir Keir Starmer said that widespread access to the prime minister’s number was a “serious situation”, carrying a security risk.
But ministers sought to play down the issue, with chancellor Rishi Sunak insisting that “all security protocols have been followed”.
The revelation of the security lapse came just days after it was revealed that cabinet secretary Simon Case privately pleaded with the prime minister to change the mobile number which he has had for more than a decade, amid concerns at the number of businesspeople, lobbyists and other figures from outside government who were able to contact him direct.
Concern was sparked by the leak of text message exchanges with vacuum cleaner tycoon Sir James Dyson, in which the PM promised to “fix” tax issues relating to engineers working on the development of ventilator in the Covid crisis.
Peter Ricketts, who served as David Cameron’s national security adviser from 2010-12, said that the PM’s number must be known to “hundreds, if not thousands” of people.
Warning that Mr Johnson should be taking steps to be “much more digitally secure than seems to be the case now”, Lord Ricketts told BBC Radio 4’s Today: “I think one would be worried if a hostile state who had sophisticated capabilities, had the mobile phone number itself.
“That must increase the risk that they’re able to eavesdrop on some at least of the communications that are going on, and possibly other non-state actors as well, like sophisticated criminal gangs.
“So, there is no way of knowing whether that’s true, but there must at least be an increased risk if the number is widely available.”
The prime minister’s phone conversations were certain to include sensitive material about commercial interests, talks with foreign leaders and people lobbying him for favours, said Lord Ricketts.
“You shouldn’t be in a position where anyone who once had your phone number can get to you when you are a prime minister,” he said. “And that’s one of the inconveniences of being prime minister but it’s for their own sake and their own protection really, that access to them ought to be controlled and monitored, so that there can be no suspicion of favours asked for and done or the kind of things that we are now seeing with the exchanges that we see with James Dyson.”
Cybersecurity expert Jake Moore of ESET told The Independent that making his phone number publicly available exposed the PM to a number of scams by “threat actors” including hostile foreign states.
“Once they have a number and some personal information, the first thing these people would attempt to do is take control of the phone by a SIM-swap attack, which involves going to the phone company and trying to convince them to move the number onto a new SIM card,” he explained.
“Alternatiely, he could have his number cloned, allowing somebody to call or send messages which appear to the recipient – whether another minister or a foreign leader or a businessman – to come from him.
“The key thing a threat actor would try to do is take over his WhatsApp, which is possible if he hasn’t set up his security properly with two-step verification. Sending text messages purporting to be him would be a very plausible way to obtain sensitive information from his contacts.
“On a more sophisticated level, software exists of the type we saw used against Jeff Bezos of Amazon, allowing you to send a message from what appears to be a trusted number with a video attached. If it’s opened, it can give access to photos, videos, texts, emails in the mail app. It’s spyware on the phone and it’s not easy to do, but he would be of interest to nation-state actors with access to intelligence at a high level.”
Mr Moore added: “I was surprised to hear he hadn’t changed his phone number since becoming PM. If I was him, I’d do it now.”
Asked about the prime minister’s phone number during an election campaign visit to Hull, Sir Keir Starmer said: “It’s obviously a serious situation.
“It carries a security risk.
“And he was warned about it. That tells its own story.”
Starmer added: “I think a lot of people will be concerned not just about who’s got the number but who’s been using it.
“Because what’s come out in recent weeks is privileged access – those that can WhatsApp the prime minister for favours.
“This all is further evidence that there’s essentially one rule for them and another rule for everybody else.”
Sir Keir said that he changed his number when he became director of public prosecutions in 2008 and kept it secure ever since.
Attempts to call Mr Johnson’s number on Thursday night were met with an automated message saying the phone was “switched off” and an invitation to “please try later or send a text”.
And Mr Sunak said: “As far as I’m aware all security protocols have been followed.”
Speaking during a visit to Hartlepool, where a crucial by-election is being fought next week, the chancellor said no voters had raised the issue with him.
“Part of what makes the prime minister special is that he is an incredibly approachable individual,” said Mr Sunak.
“You see it wherever he is out and about, people feel they can relate to him, they can talk to him, they can tell him what’s on their mind.”
Home Office minister Victoria Atkins insisted that Mr Johnson “knows his responsibilities when it comes to national security”.
There was no immediate comment from Downing Street.