Help desk! NSA has simple step to beat phone hackers from stealing your info - turn it off and turn it back on

  • The NSA suggests rebooting your phone weekly as a defense against hackers
  • It's not foolproof, but it makes them work harder to gain and maintain access
  • The agency also suggests not taking your phone everywhere, preventing hackers from spying via its camera and microphone
  • Cyberattacks have evolved from phishing with rogue links to zero-click exploits that don't require victims to do anything
  • Zero-click attacks can't survive a reboot, but so few people turn their phones off 

One of the best things you can do to protect your smartphone from hackers is also one of the easiest, according to the National Security Agency: Turn it off and then turn it back on again.     

Regularly rebooting your phone won't completely stop cybercriminals or spy-for-hire firms from accessing your private data, the agency says.

However, it can make them work harder to maintain access and steal data from your phone.

'This is all about imposing cost on these malicious actors,' Neal Ziring, technical director of the NSA's cybersecurity directorate, told the Associated Press.

Last year, the NSA issued a 'best practices' guide for mobile device security and recommended rebooting your phone weekly as a defense against hacking.

In guidelines released in 2020, the National Security Agency advised that rebooting your phone at least once a week could help deter hackers.

Maine Sen. Angus King, a member of the Senate Intelligence Committee, said rebooting his phone is now a regular part of his routine.

'I'd say probably once a week, whenever I think of it,' said King, an independent.

Our phones are almost always in arm's reach, rarely turned off and hold huge stores of personal and sensitive data.

'I always think of phones as like our digital soul,' said Patrick Wardle, a security expert and former NSA researcher. 

The new wave of zero-click spyware doesn't even need victims to click on links or pick up a call to garner access to texts, photos, contacts, GPS and more.

They've become top targets for hackers looking to snatch sensitive text messages, contact info and photos, track users' locations and even secretly turn on their video and microphones.

The NSA's guide also has advice if you want to ensure hackers aren't spying on you via your phone's camera or microphone: Don't take it with you everywhere.

HOW DOES PEGASUS WORK?

Pegasus is a powerful piece of 'malware' - malicious computer software - developed by private Israeli security firm NSO Group.

This particular form of malware,  known as 'spyware', is designed to gather data without the owner's knowledge and forward it on to a third party.

While most spyware is limited in scope, Pegasus appears much more powerful—allowing its controller near-unlimited access to and control over an infected device, including contact lists, emails, and texts, along with stored photos, videos and audio files.

Pegasus can also be used to take control of the phone's camera or microphone to record video and audio, and can access GPS data to check where the phone's owner has been.

And it can also be used to record any new incoming or outgoing phone calls. 

In 2019, WhatsApp revealed that 1,400 people had been infected by NSO Group software using a so-called 'zero day' fault - a previously unknown error - in the call function of the app.

Users were infected when a call was placed via WhatsApp to their phones, whether they answered it or not.

More recently NSO has begun exploiting vulnerabilities in Apple's iMessage software, giving it backdoor access to hundreds of millions of iPhones. 

Apple says it is continually updating its software to prevent such attacks, though human rights group Amnesty says it has uncovered successful attacks on even the most up-to-date iOS systems.  

A recent investigation into phone hacking by a global media consortium has caused political uproars in France, India, Hungary and elsewhere.

Researchers found scores of journalists, human rights activists and politicians on a leaked list of what were believed to be potential targets of an Israeli hacker-for-hire company, NSO Group.

The advice to periodically reboot a phone reflects, in part, a change in how top hackers are gaining access to mobile devices and the rise of so-called 'zero-click' exploits that work without any user interaction.

'There's been this evolution away from having a target click on a dodgy link,' said Bill Marczak, a senior researcher at Citizen Lab, an internet civil-rights watchdog at the University of Toronto.

Typically, once hackers gain access to a device or network, they look for ways to persist in the system by installing malicious software to a computer's root file system. 

But that's become more difficult as phone manufacturers such as Apple and Google have beefed up security to block malware from core operating systems, Ziring said.

'It's very difficult for an attacker to burrow into that layer in order to gain persistence,' he added.

That encourages hackers to opt for 'in-memory payloads' that are harder to detect and trace back to whoever sent them. 

Such hacks can't survive a reboot, but often don't need to since many people rarely turn their phones off.

'Adversaries came to the realization they don't need to persist,' Wardle said. 'If they could do a one-time pull and exfiltrate all your chat messages and your contact and your passwords, it's almost game over anyways, right?'

A robust market currently exists for hacking tools that can break into phones. Some companies, like Zerodium and Crowdfence, publicly offer millions of dollars for zero-click exploits. 

Even iPhones, touted for their improved security, are not immune: In a damning report, Amnesty International and Paris-based Forbidden Stories claimed they found zero-click attacks running on a journalist's fully updated iPhone 12 using iOS 14.6, Apple's most recent upgrade. 

Additionally, hacker-for-hire companies that sell mobile-device hacking services to governments and law enforcement agencies have proliferated in recent years. 

Experts say Israeli-based NSO Group's zero-click Pegasus spyware, reputedly intended for law-enforcement agencies and vetted government agencies, has been used to hack the phones of human rights activists, journalists, Catholic clergy and others.

The best-known is the Israeli-based NSO Group, whose spyware researchers say has been used around the world to break into the phones of human rights activists, journalists and Catholic clergy. 

NSO Group is the focus of the recent exposés by a media consortium that reported the company's spyware tool Pegasus was used in 37 instances of successful or attempted phone hacks of journalists, business executives, human rights activists and others, according to The Washington Post. 

The company is also being sued in the US by Facebook for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with a zero-click exploit.

NSO Group, which said it only sells its spyware to 'vetted government agencies' for use against terrorists and major criminals, did not respond to a request for comment.

The persistence of NSO's spyware used to be a selling point of the company: Several years ago its US-based subsidiary pitched law-enforcement agencies a phone-hacking tool that would survive even a factory reset, according to documents obtained by Vice News.

But Marczak, who has tracked NSO Group's activities closely for years, said it looks like the company first started using zero-click exploits that forgo persistence around 2019.

He said victims in the WhatsApp case would see an incoming call for a few rings before the spyware was installed. 

In 2020, Marczak and Citizen Lab exposed another zero-click hack attributed to NSO Group that targeted several journalists at Al Jazeera using Apple's iMessage texting service.

'There was nothing that any of the targets reported seeing on their screen. So that one was both completely invisible as well as not requiring any user interaction,' Marczak said.

With such a powerful tool at their disposal, Marczak said, rebooting your phone won't do much to stop determined hackers—they could simply send another zero-click.

'It's sort of just a different model, it's persistence through reinfection,' he said.
