![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Australian PM says to turn your phone off and on every night to improve cybersecurity
This is, surprisingly, a good idea.
There are two types of malware threats with smartphones: persistent threats and non-persistent threats. A persistent threat is very hard to achieve on smartphones running the latest OS and fully-patched. Not impossible, but very hard. You would probably need to be a high-value individual, journalist or military or government official. Something like that. It's also expensive. The bad guys are looking at buying zero-day exploits - software flaws that are not yet known to the phone vendors and thus are unpatched - and those can cost a half million dollars or more to buy.
Non-persistent threats are different. These are newish and a common form is what's known as a zero-click exploit, achieved through sending someone a message in email or text that looks normal but actually is a web page with embedded code that activates an exploit.
There's a big difference between the two. The non-persistent threats vanish after a reboot! Power-cycle the phone, or turn it off for five minutes to let the memory completely drain, and it's gone like it had never been there. And these threats are much more widely seen than persistent threats: visit the wrong web site, or have your email address compromised to certain people, and you're targeted.
And all you need to do is power off your phone for five minutes, and no more threat.
https://www.theguardian.com/technology/2023/jun/23/turn-your-phone-off-every-night-for-five-minutes-australian-pm-tells-residents
This Stackexchange post goes a little deeper into how this works for purging non-persistent threats:
https://security.stackexchange.com/questions/270904/does-rebooting-a-phone-daily-increase-your-phones-security
Now, there's an interesting twist that some non-persistent threats use to keep you from rebooting, and you're going to say something like 'Damn, these people are evil!' when you read this: fake power-off screens and dialogs! It looks like your phone is powering down and rebooting, but it's just screens and dialog presented by the program because it intercepted the power off key signal.
https://yro.slashdot.org/story/23/06/26/1237237/turn-your-phone-off-every-night-for-five-minutes-australian-pm-tells-residents
There are two types of malware threats with smartphones: persistent threats and non-persistent threats. A persistent threat is very hard to achieve on smartphones running the latest OS and fully-patched. Not impossible, but very hard. You would probably need to be a high-value individual, journalist or military or government official. Something like that. It's also expensive. The bad guys are looking at buying zero-day exploits - software flaws that are not yet known to the phone vendors and thus are unpatched - and those can cost a half million dollars or more to buy.
Non-persistent threats are different. These are newish and a common form is what's known as a zero-click exploit, achieved through sending someone a message in email or text that looks normal but actually is a web page with embedded code that activates an exploit.
There's a big difference between the two. The non-persistent threats vanish after a reboot! Power-cycle the phone, or turn it off for five minutes to let the memory completely drain, and it's gone like it had never been there. And these threats are much more widely seen than persistent threats: visit the wrong web site, or have your email address compromised to certain people, and you're targeted.
And all you need to do is power off your phone for five minutes, and no more threat.
https://www.theguardian.com/technology/2023/jun/23/turn-your-phone-off-every-night-for-five-minutes-australian-pm-tells-residents
This Stackexchange post goes a little deeper into how this works for purging non-persistent threats:
https://security.stackexchange.com/questions/270904/does-rebooting-a-phone-daily-increase-your-phones-security
Now, there's an interesting twist that some non-persistent threats use to keep you from rebooting, and you're going to say something like 'Damn, these people are evil!' when you read this: fake power-off screens and dialogs! It looks like your phone is powering down and rebooting, but it's just screens and dialog presented by the program because it intercepted the power off key signal.
https://yro.slashdot.org/story/23/06/26/1237237/turn-your-phone-off-every-night-for-five-minutes-australian-pm-tells-residents