Mobile Security Alert: NSA Recommends Weekly Smartphone Reboots

Share this blog

The National Security Agency (NSA) has issued a “Mobile Devices Best Practices” list, due to the rising threat of mobile malware. The agency strongly advises iOS and Android users to reboot their devices at least once a week. This recommendation follows the discovery that more mobile malware is being designed to remain in device memory.

Why do we need to turn off our phones?

Mobile malware can lurk in a device’s memory until it is rebooted. This type of malware includes viruses, trojans, adware, and spyware. Zimperium threat data reveals a 51% increase in unique malware samples detected by its zLabs research team, indicating a significant rise in successful point of entry to access a mobile device. 

Cybercriminals are constantly developing new ways to exploit vulnerabilities in mobile operating systems and apps, making it harder for security teams to keep up with the evolving attack surface. In a worst-case scenario, mobile malware can give cybercriminals complete access to mobile devices, where they can access private messages, contacts, location data, and much more. 

How does mobile malware spread? 

  • Malicious Apps and Downloads: Malware-infected mobile apps can be disguised as genuine or malicious. The infected app may ask users to grant certain permissions, allowing the attackers to gain access to sensitive information. 
  • Phishing or Social Engineering: Cybercriminals can use social engineering techniques to send messages or emails to users, tricking them into providing credentials or sensitive information. 
  • Supply Chain Attacks: Campaigns can spread mobile malware through the supply chain, as we have seen in malware installed on devices before shipping

In response to these escalating threats, the NSA advises that mobile device users restart their devices at least once a week to bolster their mobile security. By rebooting regularly, users can effectively clear their device’s memory, mitigating potential threats and enhancing overall security. As mobile threats continue to affect mobile-first organizations, these best practices are crucial in helping employees understand the risks to their personal and corporate information. 

How Can Zimperium Help? 

Zimperium Mobile Threat Defense (MTD) is designed to protect mobile-first organizations against advanced persistent threats, including mobile malware. MTD enables security teams to conduct thorough assessments of mobile risk and vulnerabilities, revealing the potential threats that mobile apps pose to both organizations and their employees. Additionally, Zimperium offers granular policy enforcement, enabling administrators to reinforce security best practices such as those recommended by the NSA. For instance, administrators can set a policy that prompts users to reboot their devices, especially if they have yet to do so within a week.  Leveraging Zimperium’s Mobile-First Security Platform, administrators can monitor the device’s uptime and trigger notifications to users if their devices remain active for over 24 hours, encouraging timely reboots. This proactive approach proves invaluable, particularly for organizations with employees who may be high-priority targets for malicious actors. 

Contact us for more information on how Zimperium MTD can help you align with the NSA’s mobile security best practices. 

Avatar photo
Author: Zimperium

Get started with Zimperium today