In this age of digital insecurity, the simplest computer fix – shutting down a device and then turning it back on – can thwart hackers from stealing personal information from your smartphones.
Sen. Angus King, a member of the secretive Senate Intelligence Committee, at a briefing said that he has a piece of great advice on keeping your cell phone secure from hackers.
Step 1: Turn off your phone.
Step 2: Turn it back on.
That’s it. It turns out that this oldest computer fix does actually work. Rebooting your device might not stop cybercriminals, but it will make hackers work harder to actually maintain access to your phone.
The National Security Agency (NSA) issued a “best practice” guide for mobile security that recommends rebooting your device every week to thwart hackers. The US Senator says that rebooting his smartphone has now become a part of his routine.
“I’d say probably once a week, whenever I think of it,” said King.
Smartphones have become a top target for cybercriminals looking to steal personal information, track user’s locations, and even for spying, like in the case of Pegasus spyware found targeting phones worldwide. A recent investigation found thousands of phones worldwide belonging to journalists, activists, and politicians targeted by Israeli spyware called Pegasus.
Smartphones are the most favourite target as they are always within reach, and are rarely turned off. “I always think of phones as like our digital soul,” said Patrick Wardle, a former NSA researcher.
Rebooting a device periodically is essential, considering the rise in “zero-click” attacks that require no interaction on part of the target. In such attacks, you don’t have to click on a link or open something to initiate the infection.
“There’s been this evolution away from having a target click on a dodgy link,” says Bill Marczak, a senior researcher at Citizens Lab. Companies like Crowdfence and Zerodium offer millions of dollars for zero-click exploits.
Once the hackers have gained access to your device, they will look for ways to persist in the system. This can be done by installing malicious content to your device’s root file system. However, phone companies like Google and Apple have made it impossible for malware to attack core operating systems.
Therefore, hackers go for “in-memory payloads” that are most difficult to detect and can be traced back to the source. Such attacks do not survive a reboot, but most people rarely reboot their phones so it does not pose a problem for hackers.
There are multiple hacker-for-hire firms that sell phone hacking services to law enforcement agencies. One of the most famous companies is the Israeli-based NSO Group. It has been recently accused of targeting human rights activists and journalists worldwide.
The company has also been sued by Facebook in the US for targeting 1400 users via zero-click infections on WhatsApp. The NSOs spyware is highly persistent and would even survive a reboot or a device factory reset.
The Citizens Lab has tracked NSO’s activities closely for the past few years. Marczak said the victims in the WhatsApp case would get an incoming call, after which the spyware was installed automatically. Similarly, in a recent case, the hackers used Apple’s iMessage service to install the spyware.
Marczak said that “there was nothing that any of the targets reported seeing on their screen. So that one was both completely invisible as well as not requiring any user interaction”.
In such cases, rebooting your phone won’t do much, because hackers can always send another zero-click for reinfection. The NSA’s guide also acknowledges that. However, it doesn’t hurt to regularly reboot your device and turn it off every week and use security tools like a VPN for data encryption.
It can protect you against other threats like the recent Joker Malware that infected over 1700 applications on the Google Play Store. You can also opt for an antivirus for your smartphones like McAfee Mobile Security, or Norton Mobile Security. For added protection, you can also go for VPNs that offer an antivirus feature as well.