Featured Image Credit: Surasak Suwanmake / Jose Luis Pelaez Inc / Getty
Officials have issued a warning to all iPhone and Android users after an uptick in ‘zero-click’ exploits.
Unlike common forms of malware, zero-click attacks are pretty sophisticated and don’t require victims to click on suspicious links.
Instead, cybercriminals can hack into your phone’s system and install malicious software by simply exploiting flaws in the system.
Advert
They can do this by making use of data verification loopholes and often utilise messaging or voice calling apps, as per cybersecurity company Kaspersky.
By tapping into these apps, attackers can inject code through image files, authentication requests, email attachments and even manipulate open URLs.
Due to the surging popularity of smartphones and various social media apps, iPhone and Android users are being warned to stay on high alert.
As these attacks rise, the National Security Agency (NSA) has detailed a way that potential victims can thwart zero-click attempts and methods they can use to keep their data safe.
The NSA has recently released this information as part of a comprehensive report, entitled Mobile Device Best Practices.
“Threats to mobile devices are more prevalent and increasing in scope and complexity,” the agency writes.
“Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security.”
The two-page document advises tech users on various safety measures, including the reboot method.
NSA states that turning your mobile device off and on again will prevent hackers from accessing your sensitive information.
Doing a hard reboot on your phone will force all apps to close, your social media accounts to be logged out and opened URLs will be unable to be exploited.
Moreover, this simple tactic will also mitigate any impending spear-phishing attacks.
This type of exploit sees hackers attempting to steal information such as login credentials through social engineering techniques.
As per CrowdStrike, these attempts often see criminals urging victims to click on malicious links and download attachments.
As well as advising Apple and Android users to reboot their devices on a weekly basis, the NSA has detailed some more methods to prevent zero-click scams.
The agency advises that Bluetooth should be disabled whenever you’re not using it and that you should avoid connecting to public Wi-Fi networks.
Mobile phone users should also employ a strong six-digit PIN number and consider using Biometrics such as face authentication or fingerprint unlocking.
Users are also advised to forgo using public USB charging stations and should disable location services when not in use.
The NSA document also states that users should frequently update their devices with the latest technology as older software is easier for hackers to manoeuvre through.
While this new advice is not 100 percent effective, the agency stated that it should provide barriers to a variety of malicious activities.
Elsewhere, The Federal Communications Commission (FCC) has previously warned mobile phone users against dismantling security settings.
“Tampering with your phone's factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone while making it more susceptible to an attack,” they wrote.
