UK Government: 100 Countries Now Have Phone-Hacking Spyware

According to the UK’s leading cybersecurity official, at least 100 countries around the world now have access to spyware. This malicious software can secretly monitor devices, including smartphones, without the owners knowing. This warning highlights how surveillance technology, once limited to a few intelligence agencies, has spread far beyond those original gatekeepers.

What the UK Government Actually Said

The UK’s cybersecurity chief specifically addressed British businesses and operators of critical infrastructure, such as power grids, water systems, and financial networks. The key message was clear: you’re underestimating the threat.

It’s not just about espionage between nations. Powerful spyware tools, once exclusive to agencies like the NSA or GCHQ, are now available for purchase by almost any government. Think of it like the difference between a custom-built racing car and a standard sports car from a dealership. The custom version used to be the only way to achieve high speed. Now, the dealership version can get you most of the way there.

This software, often referred to as commercial spyware or stalkerware depending on its use, can silently access a phone’s messages, camera, microphone, and location data without the target ever knowing. A prime example is Pegasus, created by the Israeli firm NSO Group, which has been linked to the surveillance of journalists, activists, and government officials across various countries.

Why 100 Countries Is Such a Big Number

To give some context, there are 195 recognized countries globally. The UK government claims that more than half of them now have access to tools sophisticated enough to remotely compromise smartphones. Just five years ago, that number was a fraction of what it is today.

This surge stems largely from a commercial market for surveillance technology. Beyond NSO Group, many companies now sell spyware products to governments. Once one nation acquires these capabilities, the knowledge and sometimes the tools spread quickly.

This shift matters for everyday people since spyware targets aren’t always foreign spies. Documented cases include journalists probing corruption, opposition politicians, human rights lawyers, and business executives traveling abroad.

What Spyware Actually Does to Your Phone

Modern commercial spyware doesn’t require you to click a malicious link or download a shady app. The most advanced versions exploit what are known as “zero-click” vulnerabilities. These allow an attacker to install spyware simply by sending a message, even if you never open it. The target’s phone transforms into a remote listening device without any action from the owner.

Once installed, this software can:

• Read encrypted messages on apps like WhatsApp and Signal
• Activate the microphone and camera without any visible indicator
• Track GPS location in real time
• Access stored passwords and contacts
• Extract photos and documents

Standard antivirus software usually can’t detect these tools. Apple and Google routinely patch the vulnerabilities that spyware exploits. That’s one reason why keeping your phone updated is more important than many realize.

What This Means

For most everyday users, being directly targeted by government spyware is unlikely. These tools are costly to deploy and generally reserved for high-value targets. However, the UK’s warning points to a larger issue: the more countries that gain this capability, the higher the chances for misuse, mistakes, or leaks to criminal organizations.

For business travelers, journalists, lawyers, and anyone handling sensitive information, the risk is much more tangible. The UK government’s specific warning to businesses and critical infrastructure suggests that corporate espionage using spyware is a real concern, not just a hypothetical scenario.

Security experts typically recommend keeping devices updated, using a separate travel phone in high-risk countries, and being careful about discussing sensitive topics on smartphones instead of in person.

Community Reactions

“The scary part isn’t that governments have this. It’s that ‘government’ now includes a lot of governments that have very different ideas about who counts as a legitimate surveillance target.”

— u/InfosecRealist, r/cybersecurity

“Zero-click exploits are genuinely terrifying. You don’t have to do anything wrong. You just have to be interesting to the wrong person.”

— YouTube comment on TechCrunch’s coverage of the UK announcement

Sources and Further Reading

• TechCrunch: UK government says 100 countries have spyware that can hack people’s phones
• Wired: USAID Whistleblower Says It Was Even Worse Than People Knew

What To Watch

The UK government’s warning is likely to influence ongoing international talks about regulating commercial spyware. Here’s what to keep an eye on:

• International regulation talks: Several governments, including the US and UK, are advocating for a global framework to restrict spyware sales. The figure of 100 countries will probably be used to argue that voluntary controls aren’t effective.
• NSO Group and competitors: Legal actions against spyware vendors in US and EU courts are still ongoing. Verdicts could establish precedents for vendor liability in cases of government misuse.
• Apple and Google patches: Both companies have teams dedicated to hunting down the zero-click vulnerabilities that spyware exploits. Watch their security release notes — when they patch something labeled “actively exploited,” it’s often related to spyware.
• UK Cyber Security Strategy update: This warning hints that the UK may be preparing to issue updated guidance for businesses on spyware threats, which could arrive in the coming months.