How wise is the NSA’s zero-click threat advisory in 2024?
Comedy fans may recognize “have you tried turning it off and on again” from the British sitcom The IT Crowd. But what if the National Security Agency told all smartphone users to do this? And, more importantly, if you follow that advice, will you be safe from malware and spyware in 2024 and beyond?
Advice from the NSA: Turn it off and then on again
The NSA’s original warning was published in 2020 in a best practices guide for mobile devices. As smartphones running all operating system platforms become an increasingly popular target for threat actors of all sizes, the NSA said that “many of the features provide convenience and capabilities, but sacrifice security” and tried to lay out simple steps that even the most technical users could take to better protect their devices and the data stored on them. Earlier this year I reported on the NSA advisory, and that article has generated numerous responses to this day. Security experts and smartphone users have thanked me for bringing the warning to their attention, and berated me for not delving deeper into what a restart won’t help protect people from. All of these opinions are valid, of course, and this article was written in the hope of providing further clarification.
Let’s start by saying that I have nothing but praise for the document that the NSA published; the advice is not only sage, but also presented in such a way that it is clear to all readers. The NSA took a pictorial approach, using an icon-based alert system that informed the reader what to avoid, disable, do, and not do. Do’s include using strong PIN codes and passwords, biometric locks and regular software updates. Don’ts include rooting or jailbreaking your phone, clicking on unknown links or opening unknown attachments, and so on. But it’s the power off icon that piqued my interest the most, especially as it came with the advice to turn the device off and on again weekly.
The second page of the infographic-heavy advisory document took a more tabular approach to alert smartphone users to things they should do regarding threat mitigation. This time the iconography was divided between “sometimes prevents” and “almost always prevents.” Restarting your smartphone regularly is listed as a step that sometimes prevents spear phishing (to install malware) and zero-click exploits. It was therefore never a panacea or a one-size-fits-all security wonder.
Will you need to restart your smartphone regularly in 2024?
The short answer to the question of whether you need to restart your smartphone every week in 2024 is no. But “need” is doing a lot of the heavy lifting there. From a security perspective, a restart will still remove the threat of non-persistent malware, that is, a threat that cannot survive a restart. I know this is pretty obvious, but it needs to be said. There is a lot of malware that fits into this category, and not all of it comes from the least sophisticated threat actors.
When spyware hit the headlines for all the right reasons, with nation states using sophisticated software like Pegasus to infect both Android and iPhone devices, reports suggested that it shifted from persistence to a reliance on re-exploiting binary payloads after a reboot. This reliance on malware in memory, rather than being written to persistent storage, is another way to prevent surveillance traces from being left behind during such sophisticated attacks.
“As long as people regularly update their devices as new operating system versions are released,” says Jake Moore, global cybersecurity evangelist at ESET, “devices will remain healthy and protected. However, it is a good idea to restart your phone regularly, but more for battery reasons than security.” Moore is right when he says that a quick restart can often resolve performance and connection issues. However, that doesn’t mean security reasons for reboots are completely off the table. “Zero-click malware is a recurring problem for both Apple and Android operating systems,” says Moore, “but it is generally identified and addressed quickly. Once this is detected, a patch is developed and a new update is released to mitigate the threat.”
There is no definitive answer when it comes to the veracity of the NSA warning and restart recommendation, but erring on the side of caution should never be underestimated in my humble opinion. There’s an interesting discussion on Stack Exchange that sums things up quite nicely: the long answer is that it depends on what your handheld has done since the last restart, while the short answer is that, on average, restarting reduces vulnerability. Rebooting has few if any downsides, so why not reboot regularly? I’m on the side of the NSA on this one.