American lawmaker Angus King is a member of the Senate Intelligence Committee. He received some advice this year by security staff on how to keep his cellphone safe from hackers.
Step One: Turn off phone.
Step Two: Turn it back on.
That is it. At a time of widespread digital insecurity, it turns out that the oldest and simplest computer fix can stop hackers from stealing information.
Restarting phones will not stop the army of digital criminals or spy-for-hire companies. But it can make even the most complex hackers work harder to keep entry and steal data from a phone.
Neal Ziring is the technical director of the National Security Agency's (or NSA) digital security division. He said the advice is to make it more costly for hackers to steal data.
The NSA recommends restarting a cellphone every week to prevent hacking. The recommendation was part of a guide for mobile digital security that the agency put out last year.
Cellphones are always close by, rarely turned off, and hold huge amounts of personal data. Cellphones have become top targets for hackers looking to steal messages, contacts, and pictures. Cellphones also can be used to find out where users are physically. Hackers can even turn on a phone's camera and microphone.
It is not known exactly how many people's phones are hacked each year. But a recent investigation by a group of worldwide media agencies found that over 1,000 reporters, human rights activists, and politicians were believed to be possible targets of an Israeli hacker-for-hire company. This has caused political disorder in France, India, Hungary, and elsewhere.
Top hackers are now gaining entry to personal devices without any user action, instead of through a method like the common "open this link" trick.
Normally, once hackers gain entry to a device or network, they look for ways to stay in the system. They do this by placing harmful programing into a computer's root file system. But Ziring said that is becoming more difficult, as phone manufacturers like Apple and Google have stronger security systems to block such actions.
This has led hackers to use a sort of hacking called "in-memory payloads," which are harder to find in the phone. Such hacks cannot survive a restart. But because many people restart their phones so rarely, the hackers can get all the information needed.
A large market currently exists for hacking tools that can break into phones. Some companies like Zerodium and Crowdfence publicly offer millions of dollars for hacks that do not need user interaction.
目前存在着一个可以侵入手机的黑客工具的巨大市场。像Zerodium 和 Crowdfence等一些公司公开悬赏数百万美元寻找无需用户交互行为的黑客攻击工具。
Hacker-for-hire companies that sell hacking services to governments and law agencies have increased in recent years. The most well known is the Israel-based NSO Group. Their hacking programming has reportedly been used around the world to break into the phones of activists, reporters, and religious leaders.
Facebook has brought NSO Group to court for possibly targeting about 1,400 users on its messaging service WhatsApp with hacking programing.
NSO Group said it only sells its programing to "vetted government agencies" for use against terrorists and major criminals. The company did not answer a request for comment from Associated Press reporters.
Documents gained by Vice News found NSO's U.S.-based company advertised a powerful phone hacking tool to law enforcement agencies. The tool could even survive a factory reset – when all user data from a phone is removed.
The NSA's guide for mobile digital security notes that restarting a phone only works sometimes. The agency's guide for personal devices has a simple piece of advice to make sure hackers cannot record you from your phone: do not carry it with you.
I'm Gregory Stachel.