How wise is the NSA’s zero-click threat advice in 2024?
Comedy fans may remember the line from the British sitcom The IT Crowd: “Have you tried turning it off and on again?” But what if the National Security Agency told all smartphone users to do so? And more importantly, if you follow that advice, will you be safe from malware and spyware in 2024 and beyond?
NSA advises turning power off and on again
The NSA’s first warning was published in the Mobile Device Best Practices Guide in 2020. Smartphones, which run on all operating system platforms, are becoming increasingly common targets for threat actors of all kinds, the NSA said. “Many of the features offer convenience and functionality, but at the cost of security,” he said, adding that there are simple things even non-technical users can do to better protect their devices and the data stored on them. I tried to identify the steps. Earlier this year, I reported on the NSA’s recommendations, and that article continues to generate countless responses to this day. Security experts and smartphone users have thanked me for bringing this warning to their attention, but I haven’t elaborated on what a reboot won’t protect them from. Some people scold me for doing so. Of course, all these opinions are valid, and this article is written in the hope of providing a clearer explanation.
First of all, I have nothing but praise for the documents released by the NSA. The advice is not only sensible, but presented in a way that is clear for all audiences. The NSA took a pictorial approach and used an icon-based warning system that tells readers what to avoid, what to disable, what to do, and what not to do. Recommendations include, for example, the use of strong PINs and passwords, biometric locks, and regular software updates. Advice on what not to do included rooting or jailbreaking your phone, clicking on unknown links or opening unknown attachments. But what interested me most was the disable icon, especially when you disable the power by turning the device off and on again every week.
The second page of the infographic-heavy advice document took a more tabular approach to alerting smartphone users of what they should do when it comes to threat mitigation. This time, the iconography was divided between sometimes obstructed and almost always obstructed. If you regularly restart your phone, we recommend doing so as it may prevent spear phishing (installing malware) and zero-click exploits. So this was never a silver bullet solution or a one-size-fits-all security panacea.
Will you need to restart your smartphone regularly in 2024?
The short answer to whether you’ll need to restart your smartphone every week in 2024 is no. But need does a lot of the heavy lifting on this issue. From a security perspective, reboots remove threats from non-persistent malware, i.e. threats that cannot survive a reboot. I know it’s obvious, but I’ll say it. There are many types of malware that fall into this category, and not all of them come from the least advanced or sophisticated attackers.
At a time when spyware was making headlines for good reason, with nations using sophisticated software such as Pegasus to infect both Android and iPhone devices, the report notes that spyware’s persistence makes it difficult to reinfect it again. It was suggested that it now relies on a binary payload that can be exploited again after launch. Relying on malware in memory rather than being written to permanent storage is another way to avoid leaving behind evidence of surveillance during such advanced attacks.
“As long as people regularly update their devices when new versions of operating systems are released, their devices will stay healthy and protected,” said Jake Moore, Global Cybersecurity Evangelist at ESET. However, for battery reasons rather than security, it’s a good idea to restart your phone regularly.” Moore is right that a quick restart can resolve performance and connectivity issues. It happens often. However, the security reasons for rebooting are not completely ignored. “Zero-click malware is a recurring problem on both Apple and Android operating systems, but it is typically quickly identified and addressed. Once detected, zero-click malware is a recurring problem in both Apple and Android operating systems,” Moore said. Patches will be developed and new updates will be released.
There is no definitive answer regarding the greed of NSA warnings and reboot advisories, but in my humble opinion, erring on the side of caution should never be underestimated. There’s an interesting discussion on Stack Exchange that sums things up pretty well. The long answer is that it depends on what your handheld has done since the last reboot, but the short answer is that, on average, reboots reduce vulnerabilities. There are few, if any, downsides to rebooting, so why not reboot regularly? I’m on the side of the NSA on this one.
