NSA shares seven steps iPhone and Android users MUST take to protect themselves from secret smartphone hacks

Cybercriminals are waiting in the shadows of your smartphone, looking for vulnerabilities to launch a secret attack.

Now the National Security Agency (NSA) has provided seven ways for iPhone and Android users to protect their devices and personal data.

The agency noted that these bad actors are using WiFi networks, smartphone apps and other loopholes to conduct cyber espionage, steal credentials and deploy ransomware.

Because of these flaws, officials are urging users to update their devices, turn off WiFi when in public and perform other protocols to keep hackers at bay.

Statista reported that 353 million people’s data and personal information were compromised in the US last year, including breaches, leaks and exposures.

These findings have made it more important than ever to take steps to protect yourself from hackers breaking into your phone.

1. Update software and applications

The NSA advised users to update the software and apps on their smartphones to make the devices more secure.

Hackers find secret ways to break into phones by looking for loopholes in existing software, but with each update, companies remove any potential flaws they might have used to jailbreak your phone.

Taking this step is one of the best ways to prevent hackers from accessing your data with the added caveat that it only works for some attacks, according to the NSA.

This method will stop cybercriminals from spying on calls, texts and data, and will block most spear-phishing attacks, which occurs when a cybercriminal sends fraudulent emails aimed at stealing sensitive information such as login credentials.

It will also help prevent zero-click exploits, which involve hackers downloading spyware to a smartphone without them clicking a link.

2. Only install apps from official stores

Smartphone users should be careful when installing apps and ensure that they are only downloaded from official stores like Google Play and App Store.

Unofficial app stores include Aptoide, SlideMe, ACMarket and Amazon Appstore.

Hackers often create a fake version of a legitimate app that will give them full access to your device once it’s downloaded.

They can then install malware on your device and share your data with third parties.

By double-checking that the app and store are legitimate, you can prevent phishing and the collection of audio, video, calls, text, and data, and stop a hacker from accessing your device’s geographic location.

Google was forced to ban nearly 2.3 million apps from the Play Store last year alone and banned 333,000 bad accounts ‘for violations such as confirmed malware and repeated serious policy violations,’ the company reported in April.

That was a 60 percent increase from a year ago, when it blocked 1.4 million apps from the Play Store and suspended 173,000 accounts.

3. Turn off WiFi and Bluetooth

Android and iPhone users should also refrain from connecting to public WiFi networks.

But NASA warned that users connecting to external networks should turn off Bluetooth when not in use.

Hackers are constantly looking for vulnerabilities, and leaving WiFi on makes the device vulnerable to ‘KRACK’ attacks, also called Key Reinstallation Attack.

This is a cyberattack that works by manipulating protected WiFi access through encryption keys to create a secure connection that allows them to steal data over the network when they are within close range of their target.

Likewise, leaving your Bluetooth on can result in a ‘BlueBorne’ attack – where a hacker takes control of your device without any user interaction.

BlueBorne allows hackers to carry out cyber espionage, data theft or even a ransomware attack.

Public WiFi networks don’t have the same security that your home does, leaving your smartphone open to serious risks of hackers stealing your identity and financial accounts.

Cybercriminals can set up WiFi networks that look similar to the one you want to use, such as ‘Cafe01’ instead of ‘Cafe1’ in the hope that you will connect to it by mistake.

Once you’re online, hackers can use online victim profiling to steal your identity and pull data from anything you type online.

They can also install malware on your device that will allow them to have continuous access to your phone’s data, even after you’ve disconnected from the WiFi network.

According to a 2023 Forbes study, 40 percent of people surveyed said their personal information had been compromised while using public WiFi — mostly in airports, hotels or restaurants.

4. Use encrypted voice, text and data applications

Encrypted voice, text, and data apps can help block hackers from accessing your personal information by turning your communication into a code.

WhatsApp is one of the most popular encryption apps followed by Telegram that offers end-to-end encryption – a security method that keeps calls, messages and other data private from anyone, including the app itself.

However, even encrypted apps are not 100 percent safe from attacks like WhatsApp because they are vulnerable to zero-click exploits in 2019.

The exploit was triggered by a missed phone call, allowing the hacker to gain access to the app and install malware on the device.

Zero-click attacks are one of the most dangerous because the user does not need to click on a malicious link or download a compromised file for their data to be targeted.

Kevin Briggs, an official at the US Cybersecurity and Infrastructure Security Agency, told the Federal Communications Commission (FCC) earlier this year that there have been ‘multiple incidents of successful and unauthorized attempts’ to steal user data. location from US cell phones.

The hackers had also monitored voice and text messages and distributed spyware and sent text messages from abroad to influence American voters, Briggs reported.

5. Do not click links or open attachments

The NSA warned Android and iPhone users against opening unknown email attachments and links in its mobile best practices document.

“Even legitimate senders can transmit malicious content accidentally or as a result of being compromised or impersonated by a malicious actor,” the NSA wrote in the report.

Hackers can access your personal information in one of two ways: by logging your keyboard or by using a Trojan malware.

Keylogger works like a tracker that follows your every move allowing them to access real-time information as you type or browse the web and other apps – even listening to your phone conversations.

The Trojan is invisible malware that is used to extract important data, including credit card account details and your social security information, if they are stored on your phone.

“Falling to social engineering tactics, such as responding to unsolicited emails asking for sensitive information, can result in account compromise and identity theft,” Oliver Page, CEO of cybersecurity company Cybernut, told Forbes.

“These phishing attempts often impersonate legitimate entities, tricking individuals into revealing confidential details,” he continued.

“Believing calls or messages without verification can lead to serious consequences, as fraudsters manipulate victims into revealing sensitive information or taking actions that compromise their security.”

6. Restart your device every week

Smartphones should be turned off and on once a week to prevent zero-click and phishing exploits.

If users do not reboot the system, a hacker can manipulate open URLs to run code that installs malware on the device.

Shutting down your phone resets all open web pages and apps and logs out of bank accounts to prevent cybercriminals from accessing sensitive information.

This has the same result as a spear-phishing attack because it removes the hackers’ ability to send targeted phishing emails because they won’t be able to access your personal information.

A 2015 Pew Research study found that nearly half of all smartphone owners rarely or never turn off their cell phone. while 82 percent said they never or rarely restarted their phone.

Although restarting your phone alone sometimes prevents attackers from accessing your data, it makes hackers work harder to breach your phone’s defenses.

“This is about putting a cost on these malicious actors,” Neal Ziring, technical director of the National Security Agency’s cybersecurity directorate, told The Denver Post in 2021.

7. Use a microphone box and cover the camera

Using a protective case to muffle the microphone and block out background audio could stop a “friendly friendly attack” in its tracks, the NSA said.

These boxes have a built-in microphone blocking system that prevents unwanted eavesdroppers from listening to your conversations through apps or an external cyber attack.

It is also important to cover the rear and front camera on both Android and iPhone because hackers can turn the mobile camera on and off and save media from the camera file if they have access to your phone.

You can cover the camera with a sticker, tape, or a camera cover built into the case to protect you from a hacker watching your every move.

How to know if you have been hacked

There are several possible signs that indicate if your Android or iPhone has been hacked, such as if the camera light stays on, even after closing the app, or it may turn on unexpectedly.

Other signs that you’ve been hacked include your battery draining faster than usual, if your phone is running slowly or suddenly heats up, and if apps close suddenly or your phone seems to turn itself off and on, according to security. company, McAfee.

Users should also be on the lookout for any unknown texts, data or charges on your phone bill.