The smartphone security advice from the National Security Agency to turn it off and on again every week just won’t go away. Although the advice was initially penned in 2020 as part of a broader guide to mobile device best practices, the weekly reboot warning keeps returning to haunt us. But just how relevant is it in 2024, and should iPhone and Android smartphone users be doing what the NSA said? Let’s take a closer look.
The NSA Mobile Device Best Practices Infographic And Advice Sheet
The warning to smartphone users, first published in 2020, was actually just a small part of an infographic with the title of Mobile Device Best Practices. In all, the NSA managed to squeeze 16 pieces of advice to help smartphone users better protect their devices and the information contained upon or accessible from them, which was no mean feat. However, it also required the advice to be broad-ranging while at the same time brief in description. I mention this by way of background and not because I think the NSA has done anything wrong here. The opposite, in fact, is true: the NSA did a very good job indeed for the time and given the space restrictions. I also think the turn it off and on again advice has been blown out of all proportion in comparison to the rest of the NSA infographic which seems to be all but ignored. Not that all the advice stands up to closer inspection as we speed toward 2025.
I don’t think people need to disable Bluetooth when they are not using it, nor do I think that connecting to public Wi-Fi is inherently dangerous. The general consensus among cybersecurity professionals out here in the real, everyday, world would seem to agree. Maintaining physical control of your smartphone, using strong passwords and PINs, installing software updates as soon as possible and the use of system biometrics, yep, agree with all of that. As for not opening unknown email attachments and links or clicking on unexpected pop-ups, well, that advice is a given. Which pretty much leaves us where we started, with rebooting your smartphone every week.
Do You Need To Reboot Your Smartphone Weekly Like The NSA Said?
Ian Betteridge is a friend of mine, a British tech journalist with as many years as myself under his belt. I don’t have an adage named after me, though, whereas there is Betteridge’s law of headlines. This states that “any headline that ends in a question mark can be answered by the word no.” This is a long-winded way of saying no; you don’t have to reboot your smartphone every week, but it won’t do any harm if you do.
The NSA advice itself needs to be looked at in context, and that means referring to the table that comes as an addendum to the infographic. Turning your device off and on weekly, this stated, can be used to prevent or mitigate spearphishing to install malware and/or zero-click exploits. There is some truth in that, or there likely was in 2020 but not so much now. While up-to-date smartphones have protections against malware being retained in memory, so it would likely not survive a reboot, and that’s the gist of the advice, whatever caused it to be written there in the first place is a different matter entirely. Without knowing the root cause, no pun intended, a malicious app or connection to a web application could just start the whole process again.
“As long as people are regularly updating their devices when fresh operating system versions are released,” Jake Moore, global cybersecurity evangelist with ESET, said, “devices will remain healthy and protected. It is, however, a good idea to reboot your phone on a regular basis but more for battery reasons over security.”
While there are many reasons why the NSA advice is not as clear cut as it was back in 2020, and perhaps not even then, I’m of the opinion that there’s no harm, no foul in rebooting, so why not? Just don’t imagine it is some magic elixir that will make all your security problems go away and forget to maintain a healthy skepticism when it comes to social engineering and other threat tactics.
Read the full article here
