Blog

Everyone with an iPhone or Android should turn their device on and off once a week, officials say — to protect themselves from hackers.

The idea is to thwart zero-click hacks, which involve downloading spyware to users’ phones without them ever clicking on a link.

The National Security Agency (NSA) approves the reset method, which temporarily deletes the vast stores of information that are constantly running in the background – such as in our applications or Internet browser.

The NSA also warned that users should exercise caution when connecting to public WiFi networks and are advised to regularly update their phone software and apps.

An NSA document lists the many steps that all iPhone and Android users should take to reduce their risk of cyber attack.

Rebooting the phone is one of the lesser known methods.

Unlike other forms of malware, zero-click attacks require no interaction from the victim.

Click here to resize this module

Hackers take advantage of a software vulnerability and gain access to devices without having to trick you into clicking a malicious link or downloading a malicious file.

If the system is not turned off and on, a cybercriminal can manipulate open URLs to run code that installs malicious files on the devices.

By turning the phone off and on again, it force closes all apps and logs out of all banking and social media accounts, thus preventing hackers from accessing sensitive information.

The reboot method also has the same effect in spear-phishing attacks – when an attacker sends targeted phishing emails to steal sensitive information such as login credentials.

Almost half of smartphone owners reported that they rarely or never turned off their cell phone, according to a 2015 Pew Research study, while 82 percent said they never or rarely restarted their phone.

The NSA document also informs users that it’s important to update software and apps frequently to ensure your device is protected.

Hackers find new ways to break into the system over time, but updating your old software will remove any potential flaws or loopholes they may have used to access your data.

The NSA also recommended that people disable their Bluetooth when not in use, as this reduces the chance of people gaining unauthorized access to their devices.

The advice is not 100 percent effective, the NSA warned, but should provide partial protection against certain malicious actions.

“Threats to mobile devices are more prevalent and growing in scope and sophistication,” the NSA warned, adding that some smartphone features “provide convenience and capabilities but sacrifice security.”

Users should also turn off their WiFi and delete unused networks that cybercriminals can use to target their phones.

When connecting to a WiFi network, it’s important to watch out for SSID confusion attacks that trick users into connecting to their hotspot instead of the establishment’s official WiFi using a similar network name.

A strong lock screen with a minimum six-digit PIN will add much-needed protection when combined with the feature that causes the smartphone to be wiped after 10 incorrect attempts.

It also warns that people should avoid opening email attachments or links from an unknown source, which can install malware without the person’s knowledge.

“Being exposed to social engineering tactics, such as responding to unsolicited emails asking for confidential information, can lead to account compromise and identity theft,” Oliver Page, CEO of cybersecurity company Cybernut, told Forbes.

“These phishing attempts often impersonate legitimate entities, tricking individuals into revealing confidential details.

“Trusting phone calls or messages without verification can have serious consequences as fraudsters manipulate victims into revealing sensitive information or taking actions that compromise their security.”

The Federal Communications Commission (FCC) has also strongly warned users not to disable any security settings that could allow cybercriminals to break into the phone.

“Factory setting your phone, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone while making it more vulnerable to attack,” the FCC warned.

According to Statista, 353 million people’s data was compromised in the US last year, including breaches, leaks and exposures.

But the last major zero-click exploit happened in 2021, which targeted Apple’s iMessage app and used a vulnerability related to the way the app handled images.

The attack succeeded bypass Apple’s BlastDoor security feature, which is designed to prevent such attacks.

The tech giant filed a lawsuit against NSO Group, an Israeli cyber-intelligence firm best known for its proprietary Pegasus spyware, which is capable of zero-click exploits.

Security researchers told Wired that the attack was “one of the most sophisticated technical feats” they had ever seen.