By Nikki Main Science Reporter for Dailymail.Com
4:30 PM June 3, 2024, updated 6:23 PM June 3, 2024
Anyone with an iPhone or Android should turn their device on and off once a week, officials say — to protect them from hackers.
The idea is to thwart ‘zero-click’ hacks, which download spyware onto users’ phones without them ever clicking a link.
The National Security Agency (NSA) endorses the restart method, which temporarily deletes the vast amount of information that continuously runs in the background, such as in our apps or internet browser.
The NSA has also warned that users should be cautious when connecting to public Wi-Fi networks and are advised to update their phone software and apps regularly.
An NSA document outlined the many steps all iPhone and Android users should take to reduce the risk of a cyberattack.
Rebooting your phone is one of the lesser known methods.
Unlike other forms of malware, zero-click attacks require no interaction from the victim.
Click here to change the format of this module
Hackers exploit a software vulnerability and gain access to devices without having to trick you into clicking a malicious link or downloading a malicious file.
If the system is not powered on and off, a cybercriminal can manipulate opened URLs to execute code that installs malicious files on the devices.
Turning the phone off and on again closes all apps and logs out all banking and social media accounts, preventing hackers from accessing sensitive information.
The restart method also has the same effect on spearphishing attacks: when an attacker sends targeted fraudulent emails to steal sensitive information such as login credentials.
Nearly half of smartphone owners say they rarely or never turn off their cell phone, according to a 2015 Pew Research survey, while 82 percent say they never or rarely restart their phone.
The NSA document also informed users that it is important to update software and apps regularly to ensure your device is safe.
Over time, hackers find new ways to break into a system, but updating old software will remove any bugs or loopholes they may have used to gain access to your data.
The NSA has also recommended that people turn off their Bluetooth when not in use, as this reduces the chance of people gaining unauthorized access to their devices.
The advice is not 100 percent effective, the NSA warned, but it should provide partial protection against some malicious activity.
“Threats to mobile devices are becoming more common and increasing in size and complexity,” the NSA warned, adding that some smartphone features “provide convenience and capabilities, but sacrifice security.”
Users should also disable their WiFi and delete unused networks that cybercriminals can use to target their phones.
When connecting to a WiFi network, it is important to watch out for SSID confusion attacks that trick users into connecting to their hotspot instead of the official WiFi of the establishment with a similar network name.
A strong lock screen with a minimum six-digit PIN will add much-needed protection when combined with the feature that prompts the smartphone to wipe itself after ten incorrect attempts.
It further warned that people should avoid opening email attachments or links from an unknown source, which could allow malicious software to be installed without the person’s knowledge.
“Falling for social engineering tactics, such as responding to unsolicited emails requesting sensitive information, can result in account compromise and identity theft,” Oliver Page, the CEO of cybersecurity company Cybernut, told Forbes.
“These phishing attempts often impersonate legitimate entities, tricking individuals into disclosing confidential details.
“Trusting calls or messages without verification can have serious consequences, as scammers manipulate victims into disclosing sensitive information or taking actions that compromise their safety.”
The Federal Communications Commission (FCC) also strongly warned users against dismantling security settings that could give cybercriminals the opportunity to break into the phone.
“Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features of your wireless service and smartphone while making it more susceptible to attack,” the FCC warned.
According to Statista, 353 million people had their data compromised in the US last year, including breaches, leaks and exposures.
But the last major zero-click exploit happened in 2021, targeting Apple’s iMessage app and exploiting a vulnerability related to the way the app handled images.
The attack was able to do that bypass Apple’s BlastDoor security feature, which is designed to prevent such attacks.
The tech giant has filed a lawsuit against NSO Group, an Israeli cyber intelligence company best known for its proprietary spyware Pegasus, which is capable of zero-click exploits.
Security researchers told Wired that the attack was “one of the most technically advanced exploits” they had ever seen.