iPhone, Android users warned of dangerous 'zero-click' attacks - here's a simple method to protect yourself


Android and iPhone users are being urged to reboot their devices once a week to help prevent hackers from sneaking spyware onto their phones via 'zero-click' exploits. 

As the name suggests, zero-click attacks don't require a user to click on a malicious link or download a compromised file. Instead, malware is installed on a device without any interaction from the victim, leaving little trace and making detection very difficult.

A zero-click hack will exploit flaws or vulnerable areas in your phone, such as using a data verification loophole to infiltrate your system. According to the cybersecurity company Kaspersky, these attacks often target apps that offer messaging or voice calling because they are designed to receive and interpret data from untrusted sources.

For example, hackers could use a hidden text message or image file to inject code that compromises the device, allowing them to install spyware and collect data, Kaspersky warns. They could also infect a device by manipulating opened URLs.  

However, turning your phone off and on again every week can help protect against such attacks, as it temporarily clears the information that apps or an internet browser keep running in the background. The method requires the user to fully reboot their phone, not simply place it in standby mode.

The method is endorsed by the US National Security Agency (NSA), which detailed the steps iPhone and Android users should take to mitigate the risk of a cyberattack in a comprehensive document.   

A simple reboot can also mitigate the threat of spear-phishing, a type of phishing attack that typically targets individuals or organisations through malicious emails. The goal of spear-phishing is to install malware and spyware on the target's device, or steal sensitive information such as login credentials.

The document also recommended disabling Bluetooth when it's not in use, not connecting to public Wi-Fi networks, removing any unused networks, avoiding email attachments or links from an unknown source, and updating software and apps regularly. Keeping your software and applications up to date will ensure any potential flaws or loopholes in the old version are removed, in turn making your device more secure. 

It also recommended setting up a strong PIN - six-digit minimum - and enabling additional security measures, such as the phone factory-resetting itself after 10 incorrect passcode entries. 

While the tips won't 100 percent guarantee protection from hacks and breaches, they should provide some defence against certain types of attacks, the NSA noted. Turning the phone off and on again will also not help against more advanced malware threats, which are programmed to reload on reboot.

"Threats to mobile devices are more prevalent and increasing in scope and complexity," the agency warned, adding that some smartphone features "provide convenience and capability but sacrifice security".  


"Falling for social engineering tactics, like responding to unsolicited emails requesting sensitive information, can result in account compromise and identity theft," Oliver Page, the CEO of cybersecurity company Cybernut, told Forbes.  

"These phishing attempts often mimic legitimate entities, deceiving individuals into divulging confidential details.  

"Trusting phone calls or messages without verification can lead to serious consequences, as scammers manipulate victims into disclosing sensitive information or taking actions that compromise their security."  

According to reports, the last major zero-click exploit occurred in 2021, in which hackers targeted an image-processing vulnerability in Apple's iMessage app. The attack was able to bypass Apple's BlastDoor security feature, leading some researchers to call the exploit "one of the most technically sophisticated" they'd seen.  

Apple filed a lawsuit against NSO Group, an Israeli cyber-arms company primarily known for its extremely controversial malicious spyware Pegasus, which is capable of zero-click exploits and other sophisticated attacks. The spyware is designed to be covertly and remotely installed on mobile phones running iOS or Android.