Tech
Urgent warning to all iPhone users after cyberattack targets devices
By Nikki Main Science Reporter For Dailymail.Com
16:30 03 Jun 2024, updated 18:23 03 Jun 2024
Anyone with an iPhone or Android should turn their device on and off once a week, officials say – to protect them from hackers.
The idea is to thwart ‘zero-click’ hacks, which involve downloading spyware onto users’ phones without them ever clicking a link.
The National Security Agency (NSA) endorses the rebooting method, which temporarily deletes the massive stores of information that continuously run in the background – such as on our apps or internet browser.
The NSA has also warned that users should be wary about connecting to public WiFi networks and are advised to update their phone’s software and apps regularly.
An NSA document listed the many steps all iPhone and Android users should take to mitigate the risk of a cyberattack.
Restarting your phone is one of the lesser-known methods.
Unlike other forms of malware, zero-click attacks don’t require any interaction from the victim.
Click here to resize this module
Hackers prey on a software vulnerability and gain access to devices, without having to dupe you into clicking a malicious link or downloading a malicious file.
If the system isn’t turned off and on, a cybercriminal can manipulate opened URLs to run code that installs malicious files onto the devices.
By turning the phone off and back on, it forces the closure of all apps and logs out of all bank and social media accounts, therefore preventing the hackers from accessing sensitive information.
The reboot method also has the same effect on spear-phishing attacks – when an attacker sends targeted fraudulent emails to steal sensitive information like login credentials.
Nearly half of smartphone owners reported they rarely or never turned their cell phone off, according to a 2015 Pew Research study, while 82 percent said they never or rarely rebooted their phone.
The NSA document also informed users that its important to frequently update software and apps to ensure your device is secure.
Over time, hackers find new ways to break into a system, but updating old software will remove any potential flaws or loopholes they might have used to access your data.
The NSA also recommended that people disable their Bluetooth when they aren’t using it because it reduces the chance of people gaining unauthorized access to their devices.
The advice is not 100 percent effective, the NSA warned, but it should provide partial protection from certain malicious activity.
‘Threats to mobile devices are more prevalent and increasing in scope and complexity,’ the NSA warned, adding that some smartphone features ‘provide convenience and capability but sacrifice security.’
Users should also turn off their WiFi and delete unused networks that cybercriminals can use to target their phones.
When connecting to a WiFi network, it’s important to watch out for SSID Confusion Attacks that trick users into connecting to their hotspot instead of the establishment’s official WiFi using a similar network name.
A strong lock screen with a minimum six-digit PIN will add much-needed protection when combined with the feature that prompts the smartphone to wipe itself after 10 incorrect attempts.
It further warned that people should avoid opening email attachments or links from an unknown source which could install malicious software without the person’s knowledge.
‘Falling for social engineering tactics, like responding to unsolicited emails requesting sensitive information, can result in account compromise and identity theft,’ Oliver Page, the CEO of cybersecurity company Cybernut, told Forbes.
‘These phishing attempts often mimic legitimate entities, deceiving individuals into divulging confidential details.
‘Trusting phone calls or messages without verification can lead to serious consequences, as scammers manipulate victims into disclosing sensitive information or taking actions that compromise their security.’
The Federal Communications Commission (FCC) also heavily warned users against dismantling any security settings that could give cybercriminals an opportunity to break into the phone.
‘Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone while making it more susceptible to an attack,’ the FCC admonished.
According to Statista, 353 million people’s data was compromised in the US last year including breaches, leaks and exposures.
But the last major zero-click exploit occurred in 2021, which targeted Apple’s iMessage app and used a vulnerability related to the way the app processed images.
The attack was able to bypass Apple’s BlastDoor security feature that was designed to prevent such attacks.
The tech giant filed a lawsuit against NSO Group, an Israeli cyber-intelligence firm primarily known for its proprietary spyware Pegasus, which is capable of zero-click exploits.
Security researchers told Wired that the attack ‘one of the most technically sophisticated exploits’ they had ever seen.