Simple steps can thwart top phone hackers.
Richmond, VA (AP) – As a member of the Senate Intelligence Committee, Sen. Angus King has reason to worry about hackers. At a security briefing this year, he said he received some advice on how to help keep his cell phone safe.
Step 1: Turn off the phone.
Step 2: Turn it on again.
that’s it. In the face of widespread digital insecurity, the oldest and simplest computer fix – turning off a device and then restarting it – can prevent hackers from stealing information from smartphones.
Regularly rebooting the phone will not deter an army of cybercriminals or rental firms that have sown chaos and doubts about our ability to keep any information secure and private in our digital lives. Have created But it can also work hard for sophisticated hackers to steal data and maintain access to the phone.
“It’s all about putting a price on these malicious actors,” said Neil Zering, technical director of the National Security Agency’s cybersecurity directorate.
The NSA last year released a “best practice” guide to mobile device security that recommends rebooting the phone every week to prevent hacking.
Cain, who is mine-free, says rebooting his phone is now part of his routine.
“I would probably say it once a week, whenever I think about it,” he said.
Almost always within arm’s reach, rarely closed and with huge stores of personal and sensitive data, cell phones have become a target for hackers who steal text messages, contacts and photos, as well as users’ locations. Track and even secretly turn on their videos. And microphone.
“I always think of the phone as my digital soul,” said Patrick Wardle, a security expert and former NSA researcher.
The number of people whose phones are hacked each year is unknown, but the evidence is significant. A recent phone hacking investigation by a global media consortium has sparked political unrest in France, India, Hungary and elsewhere, with researchers listing several journalists, human rights activists and politicians in a leaked list. It has been found that they are considered possible targets of an Israeli. Rental company.
The suggestion of periodically restarting the reb phone reflects how top hackers are gaining access to mobile devices and the rise of so-called “zero click” exploits instead of trying to get users to Works for a user interaction. Open something that is secretly affected.
“This evolution is far from a targeted click on a dodgy link,” said Bill Marxz, a senior researcher at Citizen Lab, an Internet civil rights watchdog at the University of Toronto.
Typically, once hackers gain access to a device or network, they look for ways to stay in the system by installing malicious software into the computer’s root file system. But it has become more difficult because phone manufacturers like Apple and Google have strong security to prevent malware from the basic operating system, Zeering said.
“It’s very difficult for an attacker to get into this layer to gain perseverance,” he said.
It encourages hackers to choose “payloads in memory” that are difficult to detect and return. Such hacks can’t be avoided again, but often not, as many people rarely turn off their phones.
“Opponents realized they didn’t have to stay,” Wardley said. “If they can pull out all your chat messages and your contacts and your passwords at once, it’s almost a game anyway, right?”
There is currently a strong market for hacking tools that can break the phone. Some companies, such as Zerodium and Crowdfence, publicly offer millions of dollars for zero-click exploitation.
And hacker-hire companies that sell mobile device hacking services to governments and law enforcement have spread in recent years. The most famous is the Israel-based NSO group, whose spyware researchers say is used to break the phones of human rights activists, journalists and even members of Catholic clergy around the world.
According to the Washington Post, the NSO Group is the centerpiece of a recent exhibition by a media consortium reporting that the company’s spyware tool Pegasus was used in 37 instances of hacking the phones of business executives, human rights activists and others. Used.
The company is being sued by Facebook in the United States for allegedly targeting about 1,100 users of its encrypted messaging service WhatsApp with zero click exploitation.
The NSO group says it sells its spyware only to “tested government agencies” to be used against terrorists and major criminals. The company did not respond to a request for comment.
The persistence of NSO spyware was the company’s selling point. Many years ago, its US-based subsidy made law enforcement a phone hacking tool that would survive until a phone factory reset.
But Marczak, who has tracked NSO Group workers closely for years, said the company appears to have started using the first zero-click exploitation that leaves stability around 2019.
He said the victims of the WhatsApp case would see incoming calls for a few hours before the spyware was installed. In 2020, Marxzac and Citizen Labs uncovered another zero-click hack attributed to the NSO group that targeted several journalists at Al Jazeera. In that case, the hackers used Apple’s iMessage texting service.
“There was nothing that any of the targets would notice by looking at their screen. So that they were both completely invisible and at the same time did not require any user interaction,” Marczak said.
With a powerful tool at their disposal, Markszak said it would not do much to stop hackers determined to reboot your phone. Once you reboot, they can send just one more zero click.
“It’s just a different model, it’s sustainability through re-application,” he said.
The NSA guide also acknowledges that rebooting a phone only works sometimes. The Agency Guide for Mobile Devices has an even simpler piece of advice to make sure hackers aren’t turning on your phone’s camera or microphone to record you: Don’t take it with you. ۔