Turn it off, on: One simple step can block the best hackers


RICHMOND, Va. (AP) — Senator Angus King, as a member of the secretive Senate Intelligence Committee, has reason to worry about hackers. At a briefing held by security staff this year, he said he received some advice on how to help keep his cell phone safe.

Step One: Turn off the phone.

Step Two: Turn it on again.

That's all. In a time of widespread digital insecurity, it turns out that the oldest and simplest computer fix – turning a device off and then on again – could prevent hackers from stealing information from smartphones.

Restarting phones regularly won’t stop the army of cybercriminals or spy-for-hire companies that are sowing chaos and casting doubt on the ability to keep any information secure and private in our digital lives. However, it can force even the most sophisticated hackers to work harder to maintain access and steal data from a phone.

“It’s about putting costs on these malicious actors,” said Neal Ziring, technical director of the National Security Agency’s cybersecurity directorate.

The NSA published a “best practices” guide to mobile device security last year, recommending a phone reboot each week to stop hacking.

King, an independent from Maine, says restarting his phone is now part of his routine.

“I would probably say once a week, whenever I can think of it,” he said.

Cell phones, which are almost always at hand, infrequently turned off, and hold large stores of personal and sensitive data, have become prime targets for hackers who want to steal text messages, contacts and photos, as well as track users’ locations and even spy on their video and microphones.

“I always think of phones as our digital soul,” said Patrick Wardle, security expert and former NSA researcher.

The number of people whose phones are hacked each year is unknown, but the evidence shows that it is significant. A recent investigation into phone hacking by a global media consortium has caused political turmoil in France, India, Hungary and elsewhere after investigators found numerous journalists, human rights activists and politicians on a leaked list of those believed to be potential targets of an Israeli hacker company.

The recommendation to restart a phone periodically reflects, in part, a change in the way top hackers gain access to mobile devices and the rise of so-called “zero-click” exploits that operate without any user interaction, rather than trying to manipulate users into opening something that has been secretly infected.

“It was this evolution from a target clicking on a dangerous link,” said Bill Marczak, senior researcher at Citizen Lab, an internet civil rights watchdog at the University of Toronto.

Typically, when hackers gain access to a device or network, they try to find ways to stay in the system by installing malware on the root file system of the computer. But Ziring said this is made more difficult as phone makers like Apple and Google have strong security to block malware from their core operating systems.

“It’s very difficult for an attacker to break into that layer to gain persistence,” he said.

This encourages hackers to choose “in-memory payloads” that are more difficult to detect and to trace back to whoever sent them. Such hacks won’t survive a reboot, but most of the time they don’t need to, as most people rarely turn off their phones.

“The enemies realized they didn’t have to persist,” Wardle said. “If they can make a one-time pull and leak all your chat messages, contacts, and passwords, then anyway, it’s almost game over, right?”

There is currently a solid market for hacking tools that can get into phones. Some companies, such as Zerodium and Crowdfense, are publicly offering millions of dollars for zero-click exploits.

Hacker-for-hire companies that sell mobile device hacking services to governments and law enforcement have also proliferated in recent years. The best-known is the Israel-based NSO Group, whose spyware researchers say has been used around the world to hack into the phones of human rights activists, journalists, and even Catholic clergy.

NSO Group is the focus of recent disclosures by a media consortium, which reported that the company’s spyware tool, Pegasus, was used in 37 successful or attempted phone hacks of company executives, human rights activists, and others, according to The Washington Post.

The company is also being sued in the US by Facebook for allegedly targeting about 1,400 users of encrypted messaging service WhatsApp with a zero-click exploit.

NSO Group said it sells its spyware only to “reviewed government agencies” for use against terrorists and major criminals. The company did not respond to a request for comment.

The persistence of NSO’s spyware was once a selling point for the company. According to documents obtained by Vice News, a few years ago its US-based subsidiary offered law enforcement a phone hacking tool that could survive a phone’s factory reset.

But Marczak, who has followed NSO Group’s activities closely for years, said the company first started using zero-click exploits that forgo persistence in 2019.

He said victims in the WhatsApp case would see an incoming call for a few rings before the spyware was installed. In 2020, Marczak and Citizen Lab uncovered another zero-click hack attributed to the NSO Group, which targeted several journalists at Al Jazeera. In this case, the hackers used Apple’s iMessage messaging service.

“None of the targets had anything they saw on their screens. So it was completely invisible and required no user interaction,” said Marczak.

Marczak said that when hackers have such a powerful tool at their disposal, restarting your phone won’t do much to stop them if they are determined. Once you reboot, they may simply send another zero-click.

“It’s just a different model, persistence through reinfection,” he said.

The NSA’s guide also acknowledges that restarting a phone only works sometimes. The agency’s guide to mobile devices has even simpler advice to really make sure hackers don’t snoop on your phone’s camera or microphone to record you: Don’t carry it with you.


Copyright © 2021 Washington Times, LLC.

