Here’s how to protect yourself after a secret cyberattack targets millions of devices

Daily Mail

Anyone with an iPhone or Android should turn their device on and off once a week, officials say – to protect them from hackers.
The idea is to thwart ‘zero-click’ hacks, which involve downloading spyware onto users’ phones without them ever clicking a link.
An NSA document listed the many steps all iPhone and Android users should take to mitigate the risk of a cyberattack.
The NSA document also informed users that its important to frequently update software and apps to ensure your device is secure.
The advice is not 100 percent effective, the NSA warned, but it should provide partial protection from certain malicious activity.
‘Threats to mobile devices are more prevalent and increasing in scope and complexity,’ the NSA warned, adding that some smartphone features ‘provide convenience and capability but sacrifice security.’
It further warned that people should avoid opening email attachments or links from an unknown source which could install malicious software without the person’s knowledge.
The Federal Communications Commission (FCC) also heavily warned users against dismantling any security settings that could give cybercriminals an opportunity to break into the phone.

NEGATIVE

According to officials, anyone using an iPhone or Android smartphone should switch it on and off once a week to keep it safe from hackers.

The goal is to prevent “zero-click” hacks, which infect users’ phones with malware without their ever having to click on a link.

Rebooting erases the vast amounts of data that are constantly running in the background on our internet browsers and applications, for example. This technique is recommended by the National Security Agency (NSA).

The National Security Agency (NSA) has also cautioned users to update their phone’s software and apps on a regular basis and to avoid connecting to public WiFi networks.

The numerous precautions that all Android and iPhone users should take to lessen the chance of a cyberattack were enumerated in an NSA document.

One of the less-known fixes is to simply restart your phone.

Zero-click attacks don’t require the victim to interact in any way, unlike other types of malware.

Hackers can access devices by taking advantage of a software vulnerability without needing to trick you into opening a malicious file or clicking on a link.

Cybercriminals can manipulate opened URLs to run code that installs malicious files onto devices if the system isn’t turned off and on.

The act of turning the phone off and back on compels all apps to close and logs out of social media and bank accounts, thereby obstructing the hackers’ access to private data.

Rebooting also has the same effect on spear-phishing attacks, in which a hacker sends specifically targeted, phony emails in an attempt to obtain private data, such as login credentials.

Based on a 2015 Pew Research study, nearly half of smartphone owners said they never or very rarely turned off their phones, and 82% said they never or very rarely rebooted them.

Users were also advised to regularly update software and apps to keep their device secure, according to the NSA document.

Though hackers are constantly coming up with new ways to breach systems, updating outdated software will eliminate any vulnerabilities or openings that could have allowed them to access your data.

In order to lessen the possibility of someone obtaining unauthorized access to their devices, the NSA also advised users to turn off their Bluetooth when not in use.

The NSA cautioned that while the advice is not 100% effective, it should offer some protection against some malicious activity.

The National Security Agency (NSA) cautioned that “threats to mobile devices are more prevalent and increasing in scope and complexity.” It also noted that certain features of smartphones “provide convenience and capability but sacrifice security.”. “.

Users should also remove any unused networks from their phones and turn off their WiFi so that hackers cannot target them.

It’s crucial to be aware of SSID Confusion Attacks when utilizing a WiFi network. These attacks deceive users into connecting to the hotspot rather than the official WiFi of the establishment by using a network name that is similar.

When paired with the function that causes the smartphone to wipe itself after ten unsuccessful tries, a robust lock screen with a minimum six-digit PIN will provide much-needed security.

It also advised against clicking on links or email attachments from unfamiliar sources as these could unintentionally install malicious software.

“Surrendering to unsolicited emails requesting sensitive information is an example of social engineering tactics that can lead to account compromise and identity theft,” Oliver Page, CEO of Cybernut, a cybersecurity company, told Forbes.

These phishing attempts frequently imitate trustworthy organizations in an effort to trick people into disclosing personal information.

When scammers trick victims into divulging private information or taking actions that jeopardize their security, they can have major repercussions if they blindly trust calls or messages. “.

Additionally, users were forewarned by the Federal Communications Commission (FCC) not to tamper with any security settings that might allow hackers to access the phone.

The FCC warned that “tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone and makes it more susceptible to an attack.”.

353 million people’s personal information was compromised in the US last year due to breaches, exposures, and leaks, according to Statista.

However, the last significant zero-click exploit happened in 2021 and used a flaw in the way the Apple iMessage app processed images to target the app.

The BlastDoor security feature, which Apple had installed to thwart similar attacks, was circumvented by the raid.

The Israeli cyber-intelligence company NSO Group, best known for its exclusive Pegasus spyware that can perform zero-click exploits, was sued by the tech giant.

The attack was described by security experts as “one of the most technically sophisticated exploits” they had ever seen by Wired.

scroll to top