PFirst tip: turn off the phone.
Second tip: turn the phone back on.
That’s all. As digital insecurity seems more pervasive than ever, it looks like the oldest known method of fixing a technological glitch – turning off the device, turning it back on – may defeat hackers who want to steal information stored in them. smart phones.
Regularly restarting phones will not be enough to completely block cybercriminals or private spy firms who are wreaking havoc and doubt on the security of our most confidential data. But even the most sophisticated hackers may then have to work a little harder to get hold of our digital gems.
“It’s about making these malicious actors pay the price,” said Neal Ziring, technical director of the Office of Cyber Security at the United States National Security Agency (NSA).
The NSA released a “best practices” guide to keeping our devices safe last year. In particular, it is recommended to restart a phone once a week to counter hackers.
Senator King, an independent from Maine, assures us that this is now part of his habits. “I would say probably once a week, when I think about it,” he said.
Always close at hand, rarely turned off and chock full of personal and sensitive data, cell phones have become a prime target for hackers who want to steal texts, contacts and photos, track users or even secretly turn on the phone. microphone or camera.
“I still see phones as our digital soul,” said Patrick Wardle, a former NSA member.
The number of people whose phones are hacked each year is unknown, but it is likely very high. A recent investigation into the subject caused panic in France, Hungary, India and elsewhere, when its authors found that dozens of journalists, human rights activists and politicians may have been targeted by an Israeli firm. private.
The advice to periodically restart a phone stems, in part, from how hackers are now trying to gain access to content. New tactics require no interaction with the user of the device, so hackers don’t have to convince their victim to click on a malicious link.
“You get away from having to convince the target to click on a questionable link,” said Bill Marczak, a researcher at the Citizen Lab at the University of Toronto.
Typically, once hackers gain access to a device or network, they seek to gain a permanent foothold by installing malware into the computer’s root file system. But it gets more and more complicated, as giants like Apple and Google erect higher and higher barriers to protect the core of their devices, Ziring said.
“It’s very difficult for a pirate to get there to get embedded,” he explained.
Hackers therefore adopt strategies called “in-memory payloads”, which are more difficult to detect and trace. But these attacks can’t survive a device restart – which isn’t a big deal, since users hardly ever turn their phones off.
“The opponents have come to realize that they don’t need a permanent presence,” said Wardle. If they can sneak in just once and get all your texts and all your contacts and all your passwords, the game is pretty much over, right? “
A robust market currently exists for computer hacking tools that can infiltrate a phone. More and more private firms are also offering their services to governments or law enforcement agencies. The best known is the Israeli NSO Group, whose software is said to have been used around the world to spy on the phones of human rights activists, journalists and even members of the Catholic clergy.
The NSO Group’s Pegasus tool was reportedly used in 37 successful and unsuccessful hacking attempts against the phones of business people, human rights activists and others, according to The Washington Post.
The NSO Group assures that it sells its software only to government agencies that fight against terrorists or criminals. A few years ago, NSO offered law enforcement a phone hack tool that would have survived even a factory reset of the device, according to documents obtained by Vice News.
The company did not respond to a request for comment.
On the Internet: