By Nikki Main Science Reporter for Dailymail.Com
16:30 3 June 2024, updated 18:23 3 June 2024
Anyone with an iPhone or Android should turn their device on and off once a week, officials say — to protect themselves from hackers.
The idea is to prevent ‘zero-click’ hacks, which involve downloading spyware to users’ phones without them ever clicking on a link.
The National Security Agency (NSA) supports the reboot method, which temporarily deletes huge stores of information that are constantly running in the background – such as our applications or Internet browser.
The NSA also warned that users should exercise caution when connecting to public Wi-Fi networks and are advised to regularly update their phones’ software and apps.
The NSA document outlines many steps that all iPhone and Android users should take to reduce their risk of cyber attack.
Rebooting your phone is one of the lesser known methods.
Unlike other forms of malware, no-click attacks do not require any interaction from the victim.
Click here to resize this module
Hackers exploit software vulnerabilities and gain access to devices without having to trick you into clicking a malicious link or downloading a malicious file.
If the system is not turned off and on, a cybercriminal can manipulate open URLs to run code that installs malicious files on devices.
Turning the phone off and on again forces all apps to close and logs you out of all bank and social media accounts, preventing hackers from accessing sensitive information.
The reboot method also has the same effect on spear-phishing attacks – when an attacker sends targeted fake emails to steal sensitive information like login credentials.
Nearly half of smartphone owners said they rarely or never turn off their cell phone, according to a 2015 Pew Research study, while 82 percent said they never or rarely restart their phone.
The NSA document also informs users that it is important to update software and apps frequently to keep your device secure.
Over time, hackers find new ways to break into your system, but updating your old software will remove any potential flaws or loopholes they may have used to access your data.
The NSA also recommended that people disable their Bluetooth when not in use as this reduces the possibility of unauthorized access to their devices.
The advice is not 100 percent effective, the NSA warned, but should provide partial protection against certain malicious activities.
‘Threats to mobile devices are increasingly present and growing in scope and complexity,’ the NSA warned, adding that some smartphone features ‘provide convenience and capabilities but sacrifice security.’
Users should also turn off their WiFi and delete unused networks that cybercriminals can use to target their phones.
When connecting to a WiFi network, it’s important to watch out for SSID spoofing attacks that trick users into connecting to their access point instead of an official WiFi establishment using a similar network name.
A strong lock screen with a minimum six-digit PIN will add much-needed protection combined with a feature that prompts the smartphone to wipe itself after 10 incorrect attempts.
It further warns that people should avoid opening email attachments or links from unknown sources that could install malware without the person’s knowledge.
«Falling into social engineering tactics, such as responding to spam emails that ask for sensitive information, can result in account compromise and identity theft,» Oliver Page, CEO of cybersecurity firm Cybernut, told Forbes.
‘These phishing attempts often impersonate legitimate entities, tricking individuals into divulging confidential details.
‘Believing phone calls or messages without verification can lead to serious consequences, as fraudsters manipulate victims into revealing sensitive information or taking actions that compromise their safety.’
The Federal Communications Commission (FCC) has also strongly warned users not to remove security settings that could give cybercriminals an opportunity to break into the phone.
«Factory setting your phone, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone, while making it more vulnerable to attack,» the FCC warned.
According to Statista, 353 million people’s data was compromised in the US last year, including breaches, leaks and disclosures.
But the last major zero-click exploit occurred in 2021, which targeted Apple’s iMessage app and exploited a vulnerability related to the way the app processed images.
The attack could bypass Apple’s BlastDoor security feature designed to prevent such attacks.
The tech giant has filed a lawsuit against NSO Group, an Israeli cyber-intelligence company primarily known for its proprietary Pegasus spyware, which is capable of clickless exploits.
Security researchers told Wired that the attack was ‘one of the most technically sophisticated undertakings’ they had ever seen.