Interesting to hear such things discussed at that level. Turning it off is suggested to get rid of compromised background processes that might be spying on users. Obviously, this only help against malware that isn’t permanently installed on a phone.

  • vegivamp@feddit.nl
    link
    fedilink
    English
    arrow-up
    44
    ·
    1 year ago

    As if any spyware worth it’s salt didn’t install itself as service with an innocuous name. Something like “Facebook” or “TikTok”.

    • Artanis@feddit.it
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      undefined> Something like “Facebook” or “TikTok”.

      I wouldn’t call those innocuous at all, lol.

    • marco@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      That was my initial reaction too, but I believe there is also a good amount of attacks that use 0-day exploits and might not have an angle for permanence yet.

  • distractedcactus@beehaw.org
    link
    fedilink
    English
    arrow-up
    27
    ·
    1 year ago

    This is good advice if your phone is actively being hacked in real time when you turn it off. Otherwise all you’re doing is delaying or temporarily interrupting any data collection that’s going on in the background. Any apps that are sophisticated enough to run undetected by a normal user are also going to restart themselves as soon as the phone boots up again.

    Also, if you are being targeted by a hacker that is knowledgeable enough to actively get into your device (especially an iPhone) without physical access then you’re better off destroying it and buying a new one, along with doing a full reset of all of your passwords, 2FA setup, and anything else you think you’re relying on for “security”.

    • cark@beehaw.org
      link
      fedilink
      English
      arrow-up
      9
      ·
      1 year ago

      That is not true. Many attacks (e.g. the recently revealed Operation Triangulation) do not have persistence.

      • aranym@lemmy.name
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Yup, a lot of very sophisticated mobile malware does not have persistence. His advice holds up.

    • abhibeckert@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      you’re better off destroying it and buying a new one

      Um, what? Spending a thousand bucks on a new phone, which they will probably infect almost immediately, is poor advice.

      If I was in that situation the first thing I’d do is disconnect it from the internet. The next thing I’d do is lock everything down so the attacker can’t use the phone to do any harm (reset passwords, etc, and don’t log into those accounts from your phone).

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Of course you should always update your iOS when a security fix comes out. It’s not the first remote exploit and it definitely won’t be the last.

        The Teams fix seems to be a bug in how Teams deals with external accounts. It won’t exploit your device automatically, it just allows your run of the mill phishing attempts.

      • TheElectroness@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        My ipad only has 50MB of free ram after the OS loads as it is, I’m not updating ios any further - and I’d probably be just about willing to pay to downgrade back to ipados 12 to make it usable again

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I don’t think iPhones have that feature.

        Several brands of Android phones have it (as an overnight battery saver feature), but Android generally doesn’t benefit as much from rebooting as iOS does. There’s a system image repair mechanism in Android, but Android offers other methods of persistence for malware to grab onto.

  • Atemu@lemmy.ml
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    Something this might accidentally do is apply an update which would indeed be a boon to security.

  • Los@beehaw.orgM
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    These days, I don’t think phones even turn off completely. Closing to sleeping. And only a portion of background services will stop and restart.

    • azron@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Try holding your power button for a bit of time or letting your battery run down. Phones absolutely turn off

      • Los@beehaw.orgM
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        What I’m saying is - even though it says “shut down”, it’s not doing a real shut down. Yes, you could fully let the battery run dry. But that takes 12 hours and you can’t do it once a day. Plus it ruins your battery’s capacity.

        • Pigeon@beehaw.org
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          It doesn’t seem like a hibernate though - it always has to reload the homescreen and doesn’t remember processes from before the reboot and sk on.

          What are you saying it does instead, if it’s not a real shut down? What is it about it that makes it not a real shutdown? As compared to a computer shutdown.

    • aranym@lemmy.name
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      I think this might be true for iOS, isn’t the case on Android. Android phones still fully shut down in the traditional sense.

  • nothacking@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    Fun fact, the pegasus spyware, yes the NSO group one, will be removed by this. This is to avoid leaving evidence of an infection on the phone. (the phone can be reinfected in seconds of course)

  • Kasion@lemmy.mackners.com
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    Well I guess mobile phone marketing can use this an reason for poor battery life. It’s now a security feature to force users to reboot every 12 hours.

  • Pigeon@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Does setting your phone to limit background processes to 4 (vs the standard limit) in developer settings potentially have a similar effect? If it periodically kills the nefarious process so it can run something else as you usd your phone?