Security starts with behaviour, even in the devices we wear
16 Dec 2025|

Australia’s political leaders should model basic cyber hygiene by following the guidance of their own security agencies, including by avoiding Bluetooth headphones and wearable devices. Visible behaviour matters in national security. When senior officials use devices that Australia’s security agencies treat as risky, they create a double standard. When Australia is trying to project cyber maturity, this inconsistency can undermine confidence in our broader security posture.

It’s no surprise Australians are facing unprecedented levels of espionage and foreign interference. The  online publication of the prime minister’s phone number in October reminded us how exposed even our highest officials can be. In a world where hostile actors exploit even small weaknesses, the devices we carry are part of the threat surface. And that surface is only as strong as our habits.

From a policy standpoint, the Australian Signals Directorate’s Information Security Manual requires that mobile devices labelled ‘secret’ and ‘top-secret’ have Bluetooth disabled entirely. For devices with the security statuses of ‘official: sensitive’ or ‘protected’, ASD permits Bluetooth only under strict conditions: pairing must use secure connections, and devices must remain undiscoverable during pairing.

Other governments have issued similar warnings. Earlier this year, former US vice president Kamala Harris said she avoids wireless headphones, citing national-security risks she learned about while on the Senate Intelligence Committee. And US Vice President JD Vance has faced criticism for wearing an Apple Watch, with former intelligence professionals warning about hot-micing, where Bluetooth microphones can be remotely activated without the wearer knowing.

While wired headphones won’t definitively stop nation-state adversaries, removing a known, exploitable vector is just sensible risk management for people whose conversations have intelligence value. Journalists covering national-security stories, diplomats negotiating agreements, and defence personnel handling classified material face threat models very different from the average Australian.

Australia’s sensitive-knowledge class has long understood the risk. In 2016, then prime minister Malcolm Turnbull agreed to leave his Apple Watch outside of the cabinet room after security officials raised concerns about covert audio activation. What’s changed since then is that the risks have only increased.

Earlier this year, researchers disclosed critical flaws in Airoha Bluetooth chipsets used in many popular headphones, including models from Bose, Sony, JBL and Marshall. Those vulnerabilities could allow attackers within Bluetooth range to hijack headphones, activate calls, eavesdrop on conversations and access contacts. India’s national cybersecurity authority issued a high-severity alert, and Britain’s Ministry of Justice advised personnel handling sensitive material to avoid Bluetooth devices entirely.

This is where political leadership in Australia matters. If ASD and the Australian Security Intelligence Organisation believe Bluetooth is risky enough to disable in sensitive settings, senior officials should model that judgment in public. A photo of the prime minister or a senior minister using wired headphones would signal that cybersecurity isn’t something legislated just for others. A small behavioural change can become a form of visible leadership.

Optics aside, I recommend baking these expectations into the Ministerial Code of Conduct. The code already asks ministers to protect official information, but it says nothing about the everyday device habits that now define that risk. Adding simple rules, such as using wired audio for official conversations or switching off Bluetooth on peripheral devices, for example, would bring ministerial behaviour close to ASD guidance.

Such rules should sit within a broader set of digital-security best practices—the basic behaviours we increasingly expect from anyone handling sensitive material. It’s a small tweak, but it would send a clear message: if secure device use matters for everyone, it should start with the people setting the standards.

For a government that wants to be taken seriously on cybersecurity leadership, I argue that it’s worth the tangle.

Author

Isaac Sharp is an account director at HPE, where he helps public sector clients modernise and secure their critical networking infrastructure.

 

Image: Behnam Norouzi/Unsplash.

Tags
Share

The Strategist — The Australian Strategic Policy Institute Blog. Copyright © 2026