In a report on best practices for mobile devices, the NSA (United States National Security Agency) offered a series of tips designed to prevent hackers and attackers from appropriating information stored on your cell phone. The basic recommendation is to turn the smartphone off and on again at least once a week, as this simple act can be key to protecting the device from many vulnerabilities. The document lists about a dozen tips, including “consider the use of biometrics” and “only use original charging cables”.
Although many of these tips may sound elementary, the recommendation to reboot your computer weekly caught a lot of attention. The NSA warned that threats to mobile devices are becoming more frequent and increasing in scope and complexity. Some features on smartphones provide convenience and capability, but sacrifice security. Restarting the device regularly may help reduce the risks of zero-click exploits and malware delivered via spear-phishing attacks.
The term “zero-day” refers to when developers have no days’ notice to create a security update, leaving users exposed to potential attacks. The NSA advises phone users to turn off Bluetooth when not in use, update the device as soon as possible when operating system and app updates are available, and turn off location services when they are not needed. It is also recommended to use PIN and “strong” screen lock passwords, with a minimum of six digits, and set the smartphone to automatically wipe after 10 incorrect attempts and automatically lock after 5 minutes of inactivity.
Manufacturers like Samsung and OnePlus have integrated functions into their terminals that allow scheduled reboots. While Google’s Pixel phones do not have this option, they automatically reboot after receiving an over-the-air (OTA) software update. iPhone users can set up an automation to restart their device periodically. The NSA also warns against opening email attachments and links, even when the sender appears legitimate, as they can pass on malicious content without realizing it or because their accounts are compromised.