The personal cellphone belonging to White House chief of staff John Kelly was hacked and may have been compromised for several month, Politico reported.

The apparent hack of the device, which was first identified by White House tech support, could have occurred as early as December 2016. Kelly was preparing to join the incoming administration of Donald Trump as the U.S. Secretary of Homeland Security.

Kelly began complaining the device had not been working properly and wasn’t receiving updates. According to the report, Kelly said he had been experiencing problems with the device for several months before finally deciding to have tech support examine it. The IT team found many of the functions of the phone not to be working and deemed it compromised.

At the time the hack was discovered, a one-page memo about the incident was produced and circulated within the administration. The discovery was made some time in September but was not made public at the time. Kelly is no longer using the compromised device.

The White House claims Kelly hasn’t used his personal phone much since taking over his role as chief of staff and has relied primarily on his government-issued phone for official communications.

Since the hack was discovered, Kelly’s travel history before joining the administration in January has come under review. Kelly retired in last year from his role as chief of the United States Southern Command, a post he held from 2012 until 2016.

Thus far it is unclear just what may have been exposed by the infection of Kelly’s device and if any data was stolen. If the device was infected with malware, it could perform any number of malicious functions while one the device.

Some mobile malware can record using the microphone and camera on the device—a worst-case scenario for Kelly and the White House, as it would allow the attacker to record private conversations at any time and wouldn’t require Kelly to interact with the device at all in order to gain valuable information.

Other malware can record on-screen activity and harvest passwords and other credentials that may protect important accounts. Many of these types of malware go unnoticed for months as they remain primarily hidden and don’t interfere with how the device owner uses the phone.

In response to the incident with Kelly’s phone, the White House has installed additional storage lockers for personal devices in the West Wing. Aides have been instructed to limit the use of their personal devices while in the White House.

The revelation about Kelly’s phone being compromised comes as a shock, though he is not the only person in the administration to use a potentially at-risk device. President Trump has come under fire on a number of occasions for continuing to use his personal smartphone rather than secure lines.

The President has continued to use a Samsung Galaxy S3, a handset first released in 2012, to do much of his communication, including tweeting. The smartphone is not capable of running the most recent version of the Android operating system and has not received a software update since 2014.

Trump used the Galaxy S3 throughout his time as President-elect and into his first months in the White House. It has been suggested he may have taken calls with world leaders on an unsecured line prior to his inauguration. He reportedly still uses the device, which has led to much consternation from security experts who worried the device could be compromised.

RELATED STORIES
Security Donald trump Security Security