Fresno, California 2021-07-29 01:01:40 –
Step 1: Turn off the phone.
Step 2: Turn it back on.
that’s it. In an era of widespread digital anxiety, it turns out that the oldest and simplest computer fixes (turning the device off and then back on) can prevent hackers from stealing information from their smartphones.
Regular phone restarts can’t stop the army of cybercriminals and espionage companies that disperse the mess and question their ability to keep information safe and private in their digital life. But it can allow even the most sophisticated hackers to maintain access and work hard to steal data from their phones.
“It’s all about imposing costs on these malicious attackers,” said Neil Gilling, technical director of the National Security Agency’s Cybersecurity Agency.
Last year, the NSA published a “best practice” guide on mobile device security. This guide recommends that you restart your phone every week as a way to prevent hacking.
Independent of Maine, King says restarting the phone is now part of his day-to-day operations.
“Whenever I think of it, I’ll probably say it once a week,” he said.
In most cases, they are within reach and rarely turn off or store large amounts of personal or sensitive data. Mobile phones have become the number one target for hackers who steal text messages, contacts and photos, track user locations and secretly turn on videos. And Mike.
“I always think of the phone as our digital soul,” said Patrick Wardle, a security expert and former NSA researcher.
The number of people whose phones are hacked each year is unknown, but evidence suggests that it is important. A recent study by the Global Media Consortium on telephone hacking found France on a leaked list of researchers believed to be potential targets for Israelis, after finding numerous journalists, human rights activists and politicians. A company that hires hackers that has caused political turmoil in France, Hungary, etc.
The advice to restart the phone on a regular basis is partly due to changes in the way top hackers access mobile devices and the rise of so-called “zero-click” exploits that work without user interaction instead of trying to guide the user. Is reflected. Open what is secretly infected.
Bill Marzac, Principal Investigator at Citizen Lab, the University of Toronto’s Internet Civil Rights Oversight Agency, said:
Once a hacker gains access to a device or network, hackers typically look for ways to stay in the system by installing malicious software on the computer’s root file system. But this is even more difficult, Ziring said, as phone makers such as Apple and Google have strong security that blocks malware from their core operating systems.
“It’s very difficult for an attacker to sneak into that layer for persistence,” he said.
This causes hackers to choose “in-memory payloads” that are difficult to detect and track senders. Such hacks do not survive a reboot, but many people rarely turn off their phones and do not need to reboot.
“Adversaries have realized that they don’t have to stick,” Wardle said. “If they can pull only once and steal all chat messages, contacts and passwords, it’s almost game over, right?”
Currently, the market for hacking tools that can break into phones is strong. Some companies, such as Zerodium and Crowdfence, publicly offer millions of dollars to zero-click exploits.
Also, in recent years, a surge in companies are hiring hackers to sell mobile device hacking services to governments and law enforcement agencies. The best known is the Israeli-based NSO Group, whose spyware researchers say it is being used around the world to break into the phones of human rights activists, journalists and even Catholic clergy. I am.
According to the Washington Post, NSO Group is the focus of a recent publication by a media consortium reporting that its spyware tool Pegasus was used in 37 successful or attempted phone hacks by executives and human rights activists.
The company has also been sued in the United States by Facebook for targeting approximately 1,400 users of its encrypted messaging service WhatsApp with a zero-click exploit.
NSO Group states that it sells spyware only to “scrutinized government agencies” for use against terrorists and major criminals. The company did not respond to requests for comment.
NSO’s spyware persistence was once a selling point for the company. A few years ago, with a US-based subsidy, law enforcement agencies pitched a phone hacking tool that survived a factory reset of the phone, according to a document obtained by Vice News.
However, Marczak, who has been closely tracking NSO Group activists for years, said the company seemed to be the first to use a non-persistent zero-click exploit around 2019.
He said victims of the WhatsApp case would see several ringing tones before the spyware was installed. In 2020, Marczak and Citizen Lab published another zero-click hack due to NSO Group targeting several journalists in Al Jazeera. In that case, the hacker used Apple’s iMessage text messaging service.
“Nothing reported that one of the targets was visible on the screen, so not only was the target completely invisible, but it didn’t require any user interaction,” Marczak said. increase.
Marczak says that such powerful tools are at your disposal, and restarting your phone won’t stop a determined hacker. Upon reboot, they may simply send another zero click.
“It’s a different model, persistent with reinfection,” he said.
The NSA’s guide also acknowledges that restarting the phone works only occasionally. The agency’s guide on mobile devices has even simpler advice on how to prevent hackers from secretly turning on your phone’s camera or microphone to record you. Please do not carry it.
Copyright © 2021 By AP communication. all rights reserved.
Turn off, turn on: Simple step can thwart top phone hackers Source link Turn off, turn on: Simple step can thwart top phone hackers