RICHMOND, Virginia (AP) – As a member of the Senate Intelligence Committee, Senator Angus King has reason to worry about hackers. At a briefing by security staff this year, he said, he received some advice on how to keep his cell phone secure.
Step one: turn off the phone.
Step two: turn it back on.
That’s it. In an age of widespread digital insecurity, it turns out that the oldest and simplest fix in IT – turning a device off and on again – can thwart hackers trying to steal information from smartphones.
Regularly rebooting phones will not stop the army of cybercriminals or spyware companies that have sown havoc and doubt about our ability to keep information safe and private in our digital lives. But it can make even the most sophisticated hackers work harder to maintain access to a phone and steal data from it.
“It’s about imposing costs on these malicious actors,” said Neal Ziring, technical director of the National Security Agency’s cybersecurity directorate.
The NSA issued a “best practices” guide for mobile device security last year in which it recommends rebooting a phone every week as a way to stop hacking.
King, an independent from Maine, says restarting his phone has become part of his routine.
“I would say probably once a week, whenever I think about it,” he said.
Almost always within reach, rarely turned off, and holding huge stores of personal and sensitive data, cell phones have become prime targets for hackers looking to steal text messages, contacts and photos, as well as to track users’ locations and even secretly activate their cameras and microphones.
“I always think of phones as our digital soul,” said Patrick Wardle, security expert and former NSA researcher.
The number of people whose phones are hacked each year is unknown, but the evidence suggests it is significant. A recent investigation into phone hacking by a global media consortium caused political uproar in France, India, Hungary and elsewhere after researchers found dozens of journalists, human rights activists and politicians on a leaked list of what were believed to be potential targets of a spyware company.
The advice to periodically reboot a phone reflects, in part, a change in how top hackers gain access to mobile devices and the rise of so-called “zero-click” exploits, which work without any user interaction instead of trying to trick users into opening something that is secretly infected.
“There’s been this shift away from having a target click on a shady link,” said Bill Marczak, senior researcher at Citizen Lab, an Internet civil rights watchdog at the University of Toronto.
Typically, once hackers gain access to a device or network, they look for ways to persist in the system by installing malware in the device’s root file system. But that has become more difficult because phone makers like Apple and Google have strong security to block malware from the core of the operating system, Ziring said.
“It’s very difficult for an attacker to burrow into that layer in order to gain persistence,” he said.
This encourages hackers to opt for “in-memory payloads,” which are harder to detect and to trace back to whoever sent them. Such hacks cannot survive a reboot, but they often don’t need to, since many people rarely turn off their phones.
“Adversaries realized they didn’t need to persist,” Wardle said. “If they could do a one-time pull and exfiltrate all your chat messages, contacts and passwords, it’s almost game over anyway, right?”
There is currently a robust market for hacking tools that can break into phones. Some companies, like Zerodium and Crowdfense, publicly offer millions of dollars for zero-click exploits.
And companies that sell mobile-device hacking services to governments and law enforcement agencies have proliferated in recent years. The best known is the Israel-based NSO Group, whose spyware researchers say has been used around the world to break into the phones of human rights activists, journalists and even Catholic clergy.
NSO Group is at the center of recent revelations from a media consortium that reported that the company’s spyware tool, Pegasus, was used in 37 successful or attempted phone hacks of business executives, human rights activists and others, according to the Washington Post.
The company is also being sued in the United States by Facebook for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with a zero-click exploit.
NSO Group has stated that it only sells its spyware to “approved government agencies” for use against terrorists and serious criminals. The company did not respond to a request for comment.
Persistence of NSO’s spyware used to be a selling point for the company. Several years ago, its US-based subsidiary pitched law enforcement agencies a phone-hacking tool that would survive even a factory reset of the phone, according to documents obtained by Vice News.
But Marczak, who has tracked NSO Group’s activities closely for years, said it appears the company first began using zero-click exploits that forgo persistence around 2019.
He said victims in the WhatsApp case would see an incoming call ring a few times before the spyware was installed. In 2020, Marczak and Citizen Lab exposed another zero-click hack attributed to NSO Group that targeted several Al Jazeera journalists. In that case, the hackers used Apple’s iMessage messaging service.
“There was nothing that any of the targets reported seeing on their screen. So it was both completely invisible and required no user interaction,” said Marczak.
With such a powerful tool at their disposal, Marczak said, rebooting your phone will do little to stop determined hackers. Once you’ve rebooted, they can simply send another zero-click.
“It’s kind of a different model, it’s re-infection persistence,” he said.
The NSA guide also acknowledges that rebooting a phone works only sometimes. The agency’s guide to mobile devices has even simpler advice for making sure hackers aren’t secretly turning on your phone’s camera or microphone to spy on you: don’t carry it with you.