Australian Prime Minister Anthony Albanese recently made an unconventional recommendation on cybersecurity, urging citizens to turn off their mobile phones for five minutes every night to enhance their security. This seemingly simple practice raises questions about its effectiveness and the reasoning behind the specific timing and duration. The recommendation is attributed to its potential to counteract spyware and malware threats, especially those that operate in the background.
Australia has been a target of massive leaks and hacks in the past year, impacting the personal data of 40% of the population. In a statement quoted by The Guardian, Prime Minister Anthony Albanese emphasized the importance of personal responsibility in maintaining cybersecurity. He suggested a simple practice: turning off the mobile phone for five minutes every night. This recommendation was further emphasized as a daily ritual that should be integrated into the daily routine, much like brushing teeth.
The Five-Minute Strategy: Possible Considerations
Although the exact logic behind the five-minute duration and the nightly timing remains speculative, it makes sense to explore the potential benefits for digital security. This practice can counteract spyware running in the background of devices. To understand this logic, it is important to distinguish between two types of malware: persistent and non-persistent
Persistent Threats: These refer to malicious software or malware that remains active even after the initial launch of the app, the current login session, or even a complete shutdown and restart. They can survive in various phases of device usage and shutdown.
Non-Persistent Threats: In contrast, non-persistent threats are temporary and do not survive from one app launch to the next, from one session to the next, or from shutdown to restart. They are effectively terminated when the device is completely shut down.
By encouraging you to turn off your phone daily for five minutes, the Prime Minister’s recommendation could effectively disrupt persistent threats that have managed to establish themselves in the background of your device. Turning off your device closes all running apps and subsequently halts the operating system, interrupting the activity of malware or spyware, along with other background processes. Therefore, regular shutdowns could act as a countermeasure against persistent threats.
If attackers can only trigger the execution of unauthorized code in your browser, it’s likely that their malware won’t be able to break out of the browser process, thus gaining no access to other parts of your device or modifying them.
The malware could be confined to the current browser session, so restarting your phone (which would remove the browser software and injected malware code from memory) would effectively magically disinfect your device.
However, if the unauthorized code executed by attackers through the Zero-Day WebKit bug in your browser subsequently triggers the other Zero-Day bug in the kernel, you’re in trouble. Attackers can use the non-persistent malware in your browser to compromise the kernel itself and take control of your entire device.
Then, attackers can use the unauthorized code running in your device’s kernel to implement a persistent malware infection that automatically restarts whenever your phone is rebooted.
If attackers choose to do so, the regular rebooting of your phone every day becomes a deceptive security measure, as it will feel like you’re doing something genuinely important and useful, even though that’s not the case.
Here are 8 more tips that you should also consider
With those thoughts in mind, here are some additional mobile cybersecurity tips you should also consider. Unfortunately, none of them are as simple and unobtrusive as just “turning it on and off,” but they are all important to know:
1. Avoid apps you don’t need
Completely uninstall unnecessary apps and delete all associated data. If your needs change, you can always reinstall the app in the future. The best way to prevent data from being spied on by malware is not to store it where malware can see it in the first place. Unfortunately, many mobile devices come with a variety of pre-installed software that cannot be uninstalled, derogatorily referred to as bloatware, but some of these non-removable packages can be disabled to prevent them from running automatically in the background.
2. Explicitly log out of apps when not in use
This is unpopular advice because it means you can’t simply open an app like Zoom, Outlook, or Strava and immediately be in the midst of a meeting, discussion forum, or group ride.
Logging in with passwords and 2FA codes through the cumbersome keyboard of a mobile phone can be tedious. However, the best way to unintentionally expose data is to only authorize yourself and your device to access it when truly necessary. Restarting your device doesn’t “restart” the logged-in status of the apps you use, so your phone automatically authenticates with all frequently used apps to their respective online accounts unless you deliberately logged out beforehand. Unfortunately, different apps (and different operating system options) implement their logout procedures differently, so you may need to explore how to do this.
3. Learn how to manage the privacy settings of all apps and services you use
Some configuration settings can be controlled centrally through your phone’s operating system settings app, others can be managed within the app itself, and others may require a visit to an online portal. Unfortunately, there’s no shortcut because different apps, different operating systems, and even different mobile carriers have different setup tools. Consider reserving a rainy weekend afternoon to explore the numerous privacy and security options that exist in your selected apps and services.
4. Learn how to delete your browser history, cookies, and website data, and do so frequently
Restarting your device doesn’t “restart” your browser history, leaving behind all kinds of tracking cookies and other personal browsing elements even when your phone is rebooted. Again, every browser does it slightly differently, so you’ll need to tailor the procedure for clearing history and cookies to the browser or browsers you use.
Â
5. Turn off as much as possible on the lock screen
Ideally, your lock screen should be exactly that, a locked screen where you can only do two things: make an emergency call or unlock your device for use. Any app you allow to access your “lock screen” and any personal data you display on it (upcoming meetings, message subject lines, personal notifications, etc.) weakens your cybersecurity position, even if only slightly.
Â
6. Set the longest lock code and the shortest lock time you can tolerate
A minor inconvenience for you can mean a massive additional hurdle for cybercriminals. And get into the habit of manually locking your device whenever you set it down, even if it’s right in front of you, just for added security.
Â
7. Be aware of what you share
If you don’t absolutely need to know your exact location, consider turning off location services entirely. If you don’t need to be online, try turning off Wi-Fi, Bluetooth, or your mobile connection. And if you truly don’t need your phone (for example, when going for a walk without taking it along), consider turning it off completely until later, just as the Australian Prime Minister suggests.
8. Set a PIN code on your SIM card if you have one
A physical SIM card is the cryptographic key for your phone calls, text messages, and perhaps some of your 2FA security codes or account resets. Don’t make it easy for a thief who steals your phone simply by inserting your unlocked SIM card into their own phone to take over the “phone” function of your digital life. You only need to re-enter your SIM PIN when you restart your phone, not before every call.
By the way, if you plan to regularly restart your phone – as mentioned above, it doesn’t hurt, and it gives you a fresh OS start every day – why not follow the same process with your laptop?
Hibernate on modern laptops is incredibly convenient, but it really only saves you a few minutes a day since modern laptops start up very quickly anyway.
Oh, and don’t forget to regularly clear your browser history on your laptop as well – it’s a minor thing.
