Malware is a core topic for cybersecurity teams and experts seeking ways to prevent infections and to stop attackers from achieving their ultimate goals. Once a device is infected, users have to rely on malware scanners or Endpoint Detection and Response (EDR) solutions to detect the malicious files and delete them - or do they?
In most cases the answer is yes, but some modern strains of malware are "fileless", meaning they do not store any files on the local system. These malware attacks either cannot or do not attempt to install any means of persistence, such as adding an item to the system task scheduler or adding autorun keys to the registry. Operating only in a device's memory helps the malware avoid detection by simple file-based malware scanners. In these cases, rebooting the device refreshes the OS and all running apps and releases the memory that held the fileless malware process.
In this article, we will review an advisory from the US National Security Agency (NSA) suggesting that users should regularly restart their phones to eliminate spyware that may have gained a foothold on the device. We will also cover some related security facts and review the FCC's Ten Steps to Smartphone Security.
A 2021 mobile device best practices advisory published by the NSA suggests that eradicating fileless malware is as easy as restarting the infected device - once a week is suggested. Even users who are extremely cautious about which apps they install and resistant to phishing may be vulnerable to 'zero-click' hacks, a sophisticated form of cyberattack that infiltrates phones without any user interaction. A zero-click attack can infect a device without requiring a malicious link to be clicked or a trojanized document to be opened, gaining access unnoticed.
Rebooting terminates all running apps and background processes, which disrupts potential malicious activity. If once a week is the suggested baseline, restarting more often, such as nightly, would further reduce the dwell time of spyware. Additionally, keeping software and apps updated is crucial, as it eliminates vulnerabilities that attackers exploit. Disabling Bluetooth when not in use and deleting unused networks further reduces exposure to cyber threats. While these steps do not guarantee complete protection, they significantly enhance mobile device security against evolving threats.
One significant drawback to implementing this advice as policy is that neither Android nor iOS offers a built-in system setting to schedule automatic device reboots. Some mobile device manufacturers, such as Samsung, have implemented custom tools for automatically restarting a device, and some workarounds seem to exist, but users typically need to restart their mobile devices manually if they want to follow a regular rebooting schedule for security or performance reasons. Unfortunately, this lack of widespread native support is a barrier to implementing a technical control that automates this basic security measure.
Desktop computers, peripherals such as printers and scanners, IoT devices, and multi-functional devices are also vulnerable to malware, including zero-click and fileless strains. Implementing this basic security measure is much easier for desktops, since macOS, Linux, and Windows all have mature automatic shutdown and startup mechanisms. The same is not always true for peripherals and IoT devices.
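As an added example that is not part of the NSA advisory or this post, the following POSIX shell script is the kind of check a compliance or fleet-management job could run on a Linux desktop to flag hosts whose uptime exceeds the weekly reboot interval. The seven-day threshold and the use of /proc/uptime are assumptions matching the advisory's once-a-week guidance on a Linux host.

```shell
#!/bin/sh
# Added example: flag Linux hosts that have not been rebooted within the
# weekly interval suggested by the NSA advisory. Threshold is an assumption.
MAX_UPTIME_SECONDS=$((7 * 24 * 3600))

# read_uptime_seconds prints the host's uptime in whole seconds.
# /proc/uptime holds "<uptime seconds> <idle seconds>" with a fractional part.
read_uptime_seconds() {
    cut -d' ' -f1 /proc/uptime | cut -d. -f1
}

# reboot_policy_status UPTIME_SECONDS [MAX_SECONDS]
# Prints "compliant" when uptime is within the threshold, "overdue" otherwise,
# and returns 0 or 1 so callers can branch on the result.
reboot_policy_status() {
    uptime_s=$1
    max_s=${2:-$MAX_UPTIME_SECONDS}
    if [ "$uptime_s" -le "$max_s" ]; then
        echo compliant
        return 0
    fi
    echo overdue
    return 1
}

# days_since_boot UPTIME_SECONDS prints whole days since the last boot.
days_since_boot() {
    echo $(( $1 / 86400 ))
}

main() {
    up=$(read_uptime_seconds)
    # "|| true" keeps an overdue host from aborting a "set -e" caller before
    # the report line is printed.
    status=$(reboot_policy_status "$up") || true
    echo "uptime: $(days_since_boot "$up") day(s), weekly reboot policy: $status"
}

# Only report when /proc/uptime is available (Linux); functions above can
# still be sourced and called on other systems.
if [ -r /proc/uptime ]; then
    main
fi
```

A fleet job would collect the "overdue" hosts and schedule a restart with the platform's normal shutdown tooling rather than forcing one from this script.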
Numerous mobile device advisories and best practices are available from US government entities, and consulting them can help decision makers architect strong corporate mobile device policies. Below is a list of US government security advisories for mobile devices, followed by a selected review of some of their most important items.
Protecting Portable Devices: Physical Security, (CISA, 2011 - revised 2019)
Ten Steps to Smartphone Security for Android, (FCC, 2015)
Securing Wireless Devices in Public Settings, (NSA, 2021)
Mobile Device Cybersecurity Checklist for Consumers, (CISA, 2021)
Privacy and Mobile Device Apps, (CISA, 2022)
Traveler-Verified Information Protection (T-VIP), (CISA)
Here is a quick summary of the most important security measures from the above linked advisories:
Wireless security precautions: Do not connect to public wireless networks and disable WiFi completely when not using it. If you must connect to untrusted networks, use a VPN with strong encryption. Disabling Bluetooth when not actively using it can reduce the chance of unauthorized access to devices via zero-day vulnerabilities in Bluetooth firmware.
Use strong device authentication settings: Optimally, configure biometric authentication for unlocking your device. Alternatively, be sure to set a strong password or PIN with a minimum of 6 digits and a short wait time before the device locks. Enable app-specific authentication for sensitive apps (like email and banking) and use different passwords for each service. Also, enable SIM card passwords if supported by your device.
Physical security: Maintain possession of your device at all times, and only plug in trusted accessories. Use a data blocker to prevent data connections to your device when plugging into an untrusted power source or device for charging. Some protective cases can block cameras and muffle microphones to prevent infected devices from exfiltrating photos, video, or audio. Disable location services at the device level if possible, and only share location information at the app level when required, while using the app.
App security: Before downloading any app, check reviews and only use the default trusted app stores. Apps from untrusted sources may contain malware that can compromise your phone's security and privacy. Be cautious when granting apps access to personal information or device functions. Review and adjust privacy settings for each app before installation to minimize potential risks. Never jailbreak or root your device, and only install apps from an official app store.
Keep software updated: Regularly update your phone's operating system and applications to protect against cybersecurity threats. Enable automatic updates or install patches promptly when notified by your service provider, device manufacturer, or app developer.
Data security: Before donating, reselling, or recycling your old phone, ensure all personal data is wiped clean. Reset the phone to its factory settings to protect your privacy and prevent unauthorized access to your personal information. Safeguard all data stored on your phone, such as contacts, documents, and photos, by regularly backing it up to your computer, a removable storage card, or cloud storage.
Prepare for a lost or stolen smartphone: In case of theft, report it to local law enforcement and register the stolen phone with your wireless provider. This action notifies major wireless carriers to prevent activation on any network without your permission, safeguarding your data from unauthorized use. Install security apps that offer remote device location tracking and data wiping capabilities. These apps can help locate a lost phone, remotely erase data, and activate alarms, even if the phone's GPS is disabled.
The 2021 advisory from the NSA underscores the importance of regular device restarts to mitigate the risk of sophisticated cyberattacks, alongside a host of other good mobile device security advice. By restarting at least once per week, users can disrupt the malicious activities of 'zero-click' and 'fileless' malware that exploit vulnerabilities in software. Other measures, such as updating software, disabling unused features like Bluetooth, and adopting secure browsing habits, are also advised to maintain the strongest security posture for mobile devices. Education programs for employees should be used to create awareness and set acceptable use policies.
While most mobile devices lack built-in auto-restart capabilities, some workarounds exist; otherwise, manual scheduling can be used to implement this security practice effectively. Ultimately, proactive steps like these play a crucial role in safeguarding mobile devices against evolving threats.