By Nikki Chief Science Reporter for Dailymail.Com
16:30 03 June 2024, updated 18:23 03 June 2024
Anyone with an iPhone or Android should turn their device on and off once a week, officials say — to protect them from hackers.
The idea is to thwart ‘zero-click’ hacks, which involve downloading spyware to users’ phones without ever clicking a link.
The National Security Agency (NSA) approves the reset method, which temporarily deletes massive stores of information that are constantly running in the background – such as in our applications or in the web browser.
The NSA has also warned that users should be cautious about connecting to public WiFi networks and are advised to regularly update their phone software and apps.
An NSA document listed the many steps all iPhone and Android users should take to mitigate the risk of a cyber attack.
Restarting the phone is one of the less popular methods.
Unlike other forms of malware, zero-click attacks do not require any interaction from the victim.
Click here to resize this module
Hackers exploit a software vulnerability and gain access to the device without having to trick you into clicking a malicious link or downloading a malicious file.
If the system is not powered off and on, a cybercriminal can manipulate open URLs to run code that installs malicious files on the device.
By turning off and restarting the phone, it forces all apps to close and log out of all bank and social media accounts, thus preventing hackers from accessing sensitive information.
The reboot method also has the same effect on spear phishing attacks – when an attacker sends phishing emails aimed at stealing sensitive information such as login credentials.
Almost half of smartphone owners reported that they rarely or never turned off their cell phone, according to a 2015 Pew Research study, while 82 percent said they never or rarely turned their phone on.
The NSA document also informed users that it is important to update software and apps frequently to ensure your device is secure.
Over time, hackers find new ways to break into a system, but updating older software will remove any potential flaws or loopholes they may have used to access your data.
The NSA also recommended that people turn off their Bluetooth when they’re not using it, because it reduces the chance of people gaining unauthorized access to their devices.
The tip is not 100 percent effective, the NSA warned, but should provide partial protection against some malicious activity.
“Threats to mobile devices are more widespread and growing in scope and complexity,” the NSA warned, adding that some smartphone features “provide convenience and capability but sacrifice security.”
Users should also disable their WiFi and delete unused networks that cybercriminals can use to target their phones.
When connecting to a WiFi network, it’s important to watch out for SSID confusion attacks that trick users into connecting to their own hotspot instead of the official enterprise WiFi using a similar network name.
A strong lock screen with a minimum six-digit PIN will add much-needed protection when combined with the feature that prompts the smartphone to wipe itself after 10 incorrect attempts.
He further warned that people should avoid opening email attachments or links from an unknown source that could install malicious software without the person’s knowledge.
“Falling to social engineering tactics, such as responding to unsolicited emails asking for sensitive information, can result in account compromise and identity theft,” Oliver Page, CEO of cybersecurity company Cybernut, told Forbes.
“These phishing attempts often impersonate legitimate entities, tricking individuals into revealing confidential details.
“Believing calls or messages without verification can lead to serious consequences, as fraudsters manipulate victims into revealing sensitive information or taking actions that compromise their security.”
The Federal Communications Commission (FCC) also warned many users not to disable any security settings that could give cybercriminals an opportunity to access the phone.
“Interfering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features provided by your wireless service and smartphone while making it more susceptible to an attack,” the FCC warned.
According to Statista, 353 million people’s data was compromised in the US last year, including breaches, leaks and exposures.
But the last major zero-click exploit occurred in 2021, which targeted Apple’s iMessage app and exploited a vulnerability related to the way the app processed images.
The attack was able to bypass Apple’s BlastDoor security feature that was designed to prevent such attacks.
The tech giant filed a lawsuit against NSO Group, an Israeli cyber-intelligence firm best known for its proprietary Pegasus spyware, which is capable of zero-click exploits.
Security researchers told Wired that the attack was “one of the most technically sophisticated exploits” they had ever seen.