Are you unsure when was the last time you turned off your iPhone or Android phone? Is Bluetooth always turned on? Do you plug your phone into any available charger without a second thought? If your answer to any of these questions is “YES,” then the National Security Agency (NSA) in the United States would consider you to be putting your privacy at risk.
In today’s world, almost everyone has a smartphone, and these devices have become targets for hackers, facing various security threats, including phishing attacks, malware, and spyware.
According to a report released by the NSA, here are six smartphone usage rules devised by the NSA to protect public safety in the United States.
The NSA suggests that shutting down your phone and restarting it once a week is a simple and effective method to help prevent zero-click exploits, where hackers can infiltrate your phone without you clicking on anything.
How to restart your phone: Turn off the phone completely, wait for at least 10 seconds, and then turn it back on. While this may not remove persistent malware, it can interrupt certain types of attacks.
Cybersecurity experts recommend further steps to defend against zero-click exploits. According to zdnet, Rocky Cole, co-founder of the mobile threat protection company iVerify, advises treating your phone as a computer, meaning you should restart it daily. He states, “Many vulnerabilities only exist in memory. They are not files, so if you reboot the device, theoretically you should be able to clear out the malware as well.”
For iPhone users, enabling the lock mode can also be beneficial. Cole mentions that “lock mode can reduce certain functions targeted by internet-facing applications, thus reducing the attack surface to some extent.”
The only way to truly protect yourself from zero-click attacks is to patch potential vulnerabilities. Cole emphasizes, “As an end-user, it is crucial to update and use new security patches as soon as they become available.”
Bluetooth can serve as a potential entry point for hackers, especially in public places where attackers can get close enough to exploit vulnerabilities. Hackers possess tools like “BlueSnarfing” to steal data or eavesdrop on conversations.
Disabling Bluetooth when not in use can also help conserve battery life.
As a part of enhancing customer service, many shopping centers, coffee shops, airports, and other public places offer customers free charging stations to quickly charge their phones. However, users who use such services may not be aware that their phones could be susceptible to network attacks.
The NSA warns against using public USB charging ports at airports, coffee shops, and hotels since these ports may pose an invisible risk where hackers can inject malicious software or steal your data via public USB connections.
The FBI also issued a similar warning regarding public USB usage in 2023.
What should you do? Opt for regular power outlets and carry a charging cable specifically for charging purposes while traveling – a cable that does not transfer data and is only used for charging.
Public WiFi is now ubiquitous – offering free WiFi services at bars, cafes, restaurants, airports, and even some beaches and nature trails. Although using public WiFi can save on mobile data plans and potentially save some money, connecting to public internet servers comes with severe risks.
Hackers can inject malicious code into your device via WiFi connections without your knowledge. If hackers have the proper software and expertise, they can see all your data and activities on the public WiFi connection, including monitoring your every move, including inputting passwords or bank information.
As per the NSA report, refraining from using public WiFi can help mitigate risks of zero-click attacks, malicious WiFi networks/near-field network attacks, network call/SMS/data collection attacks, and device geolocation attacks to some extent.
For sensitive tasks like online banking or accessing work emails, cellular networks on your phone are much more secure.
Moreover, when not in use, it is advisable to turn off WiFi to prevent the phone from automatically connecting to unsafe networks.
The NSA suggests using protective covers to muffle the microphone’s sound and covering the camera when not in use.
In “hot miking” attacks, hackers activate a phone’s microphone without the user’s knowledge to eavesdrop on conversations. This scenario occurs when a device is somehow compromised, usually through malicious software or apps granted permissions by the user. Most people are not targets of such attacks, but precautions should still be taken.
The NSA recommends installing the minimum number of applications and only installing apps from official app stores. Be cautious with personal data entered into apps. Close apps when not in use, as this can help prevent various categories of hacker attacks, including spear-phishing.
(This article partially references a report from “Daily Mail”)