NSA shares seven steps iPhone and Android users MUST take to protect themselves from secret smartphone hacks

Cybercriminals wait in the shadows of your smartphone, looking for vulnerabilities to carry out a covert attack.

Now, the National Security Agency (NSA) has offered iPhone and Android users seven ways to protect their devices and personal data.

The agency noted that these bad actors are using WiFi networks, smartphone apps and other loopholes to conduct cyber espionage, steal identities and deploy ransomware.

Because of these flaws, officials are urging users to update their devices, turn off WiFi when in public, and implement other protocols to keep hackers at bay.

Statistical reported that 353 million people had their data and personal information compromised in the US last year, including breaches, leaks and exposures.

These findings have made it more important than before to take steps to protect yourself from hackers breaking into your phone.

1. Update software and apps

The NSA advised users to update the software and apps on their smartphones to make devices more secure.

Hackers find secret ways to break into phones by looking for loopholes in the existing software, but with each update, companies remove any possible bugs they may have used to break into your phone.

Taking this step is one of the best ways to prevent hackers from accessing your data, with the added caveat that it only works on certain attacks, according to the NSA.

This method prevents cybercriminals from spying on calls, texts, and data and blocks most spearphishing attacks, where a cybercriminal sends targeted fraudulent emails to steal sensitive information such as login credentials.

It also helps prevent zero-click exploits, where the hacker downloads spyware to smartphones without ever clicking a link.

2. Only install apps from official stores

Smartphone users should be wary when installing apps and ensure they are only downloaded from official stores such as Google Play and the App Store.

Unofficial app stores include Aptoide, SlideMe, ACMarket, and Amazon Appstore.

Hackers often create a fake version of a legitimate app that gives them full access to your device once it is downloaded.

They can then install malware on your device and share your data with third parties.

By double-checking that the app and store are legitimate, you can prevent spear-phishing and the collection of audio, video, calls, texts, and data and prevent the hacker from gaining access to your device’s geolocation.

Last year alone, Google was forced to ban nearly 2.3 million apps from the Play Store and ban 333,000 bad accounts “for violations including confirmed malware and repeated serious policy violations,” the company said. reported in April.

This was a 60 percent increase from the year before, when it banned 1.4 million apps from the Play Store and banned 173,000 accounts.

3. Turn off WiFi and Bluetooth

Android and iPhone users should also refrain from connecting to public WiFi networks.

But NASA warned that users connecting to external networks should turn off Bluetooth when not in use.

Hackers are constantly looking for vulnerabilities and leaving the WiFi on makes the device susceptible to ‘KRACK’ attacks, also known as Key Reinstallation Attack.

This is a cyber attack that works by manipulating WiFi’s secure access through encryption keys to create a secure connection that allows them to steal data over the network when they are near their target.

Likewise, leaving your Bluetooth turned on can result in a ‘BlueBorne’ attack – when a hacker takes control of your device without any user interaction.

BlueBorne allows hackers to conduct cyber espionage, data theft or even a ransomware attack.

Public WiFi networks don’t have the same security as your home, leaving your smartphone exposed to serious risks of hackers stealing your identity and financial accounts.

Cybercriminals can set up WiFi networks similar to the one you want to use, such as ‘Cafe01’ instead of ‘Cafe1’, in the hope that you will accidentally connect to it.

Once you’re connected to the network, hackers can use online victim profiling to steal your identity and collect data from everything you type online.

They can also install malware on your device, which will allow them to continue accessing your phone’s data even after you disconnect from the Wi-Fi network.

According to a 2023 Forbes study40 percent of respondents said their personal data was compromised while using public Wi-Fi, mainly at airports, hotels or restaurants.

4. Use encrypted voice, text and data apps

Encrypted voice, text, and data apps can help prevent hackers from accessing your personal data by converting your communications into a code.

WhatsApp is one of the most popular encryption apps, followed by Telegram, which offers end-to-end encryption: a security method that keeps phone calls, messages, and other data private from everyone, including the app itself.

However, even encrypted apps are not 100 percent safe against attacks like WhatsApp, as they are vulnerable to zero-click exploits in 2019.

The exploit was caused by a missed call, which allowed the hacker to access the app and install malware on the device.

Zero-click attacks are among the most dangerous because the user does not have to click a malicious link or download a compromised file for their data to be targeted.

Kevin Briggs, an official at the US Cybersecurity and Infrastructure Security Agency, told the Federal Communications Commission (FCC) earlier this year that there had been “numerous incidents of successful, unauthorized attempts” to steal location data from cellphones in the US.

The hackers also tapped into voice and text messages and delivered spyware and text messages from abroad to influence American voters, Briggs reported.

5. Don’t click links or open attachments

The NSA warned Android and iPhone users about opening unknown email attachments and links in its Mobile Best Practices document.

“Even legitimate senders can transmit malicious content accidentally, or because they have been compromised or impersonated by a malicious actor,” the NSA wrote in the report.

Hackers can gain access to your personal information in two ways: by keylogging or by using a Trojan horse.

Keylogging works like a stalker that tracks your every move, allowing them to access information in real time as you type or surf the web and other apps – and even listen to your phone calls.

Trojan is an invisible malware used to extract important data including credit card information and your social security information if it is stored on your phone.

“Falling for social engineering tactics, such as responding to unsolicited emails requesting sensitive information, can result in account compromise and identity theft,” said Oliver Page, the CEO of cybersecurity company Cybernut. Forbes.

“These phishing attempts often impersonate legitimate entities, tricking individuals into disclosing confidential details,” he continued.

“Trusting calls or messages without verification can have serious consequences, as scammers manipulate victims into disclosing sensitive information or taking actions that compromise their safety.”

6. Restart your device every week

Smartphones should be turned off and on once a week to prevent zero-click exploits and spear phishing.

If users do not restart the system, a hacker can manipulate open URLs to execute code that installs malware on the device.

Turning off the phone will reset all open web pages and apps and log you out of bank accounts to prevent cybercriminals from accessing sensitive information.

This has the same result in spear phishing attacks, as it removes the ability of hackers to send targeted fraudulent emails because they do not have access to your personal information.

A 2015 Pew Research survey found that nearly half of all smartphone owners rarely or never turn off their cell phones. while 82 percent said they never or rarely restarted their phone.

While restarting your phone only sometimes prevents attackers from accessing your data, it makes hackers have to work harder to breach your phone’s defenses.

“This is all about imposing costs on these malicious actors,” Neal Ziring, technical director of the National Security Agency’s Cybersecurity Directorate, told me. The Denver Post in 2021.

7. Use a microphone drown box and cover the camera

Using a protective cover to drown out the microphone and block background noise could stop a “hot-micing attack,” the NSA said.

These cases have a microphone jamming system built into them that prevents unwanted eavesdroppers from hearing your conversations via apps or an external cyber attack.

It’s also important to cover the front and back cameras on both Androids and iPhones, as hackers can turn the mobile camera on and off and save media from your camera roll if they gain access to your phone.

You can cover the camera with a sticker, tape, or a camera case built into the housing to protect you from hackers watching your every move.

How do you know if you have been hacked?

There are some possible signs that your Android or iPhone has been hacked, such as if the camera light stays on even after you close the app, or if the app turns on unexpectedly.

Other signs that you’ve been hacked include your battery draining faster than normal, your phone running slowly or getting unexpectedly hot, apps suddenly quitting, or your phone seemingly turning off and on on its own, according to security. company, McAfee.

Users should also keep an eye out for any unknown text messages, data, or unknown charges on your phone bill.