
Hot on the heels of reports of Sturnus spyware being used to effectively bypass encryption and read private messages sent by Signal, Telegram and WhatsApp to your smartphone, the U.S. Cybersecurity and Infrastructure Security Agency issued an urgent alert that “multiple cyber threat actors” are “actively leveraging commercial spyware to target users of mobile messaging applications.” Now CISA has released further urgent guidance that it says individuals at risk of being targeted should “immediately review and apply.” Here are the step-by-step instructions to secure your smartphone from spyware attack, with guides for both iPhone and Android, according to America’s Cyber Defense Agency.

Cyber Attacks Target iPhone And Android Smartphone Users

Cyber attacks come in a myriad of shapes and sizes, from the newly reported attacks against London councils, to those against users of Amazon, Netflix and PayPal, to the highly targeted and constantly evolving spyware threats facing smartphone users. It is the latter that is of concern to CISA, and should be to you as well, especially if you fall into the high-risk category of individual. That is, dear reader, a broad remit: journalists, political activists, government employees, the military, and, well, the list goes on. Better to assume you could be a target, even if only in terms of collateral damage to get to a bigger fish, and secure your smartphones as best you can.

The CISA Mobile Communications Best Practice Guidance document, classified as traffic light protocol clear, meaning I am able to share the information contained within, has just been updated and, as well as including recommendations for securing end-to-end encrypted communications, has step-by-step guides to enhance the security and privacy of both iPhone and Android smartphones.


iPhone recommendations:

- Enable Lockdown Mode to limit apps, websites and features to effectively reduce the attack surface.
- Disable the send as text message option that would otherwise allow SMS use if end-to-end encrypted iMessage were not available.
- Use Apple iCloud Private Relay for enhanced security and privacy by protecting Domain Name System queries.
- Review and restrict app permissions, revoking those that are not essential, especially when it comes to location, camera and microphone.

Android recommendations:

- Use smartphone devices from those manufacturers with a commitment to long-term security updates and that support hardware-level security features.
- Only use RCS messaging if end-to-end encryption is enabled.
- Configure the Android Private DNS option to use a high-privacy resolver such as Cloudflare’s 1.1.1.1, Google’s 8.8.8.8 Resolver, and Quad9’s 9.9.9.9.
- Ensure ‘always use secure connections’ is enabled in the Android Chrome browser.
- Ensure ‘enhanced protection for safe browsing’ is enabled in the Android Chrome browser.
- Ensure ‘Google Play Protect’ is enabled to detect and prevent malicious app downloads.
- Review and restrict app permissions, revoking them in the same way as for the iPhone advice.
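Two items in the Android list, the permission review and the Private DNS setting, can also be checked from a trusted computer. This is an added example, not part of the CISA guidance or the original article: it parses the text of `adb shell dumpsys package` for apps holding location, camera or microphone grants, and evaluates the values returned by `adb shell settings get global private_dns_mode` and `private_dns_specifier`. The sample output and package names are constructed.

```python
import re

# Runtime permissions behind the capabilities the guidance singles out.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "location",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

def granted_sensitive(dumpsys_text):
    """Map package name -> sorted sensitive capabilities currently granted."""
    found, pkg = {}, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)          # start of a new package section
            continue
        m = PERM_RE.match(line)
        if m and pkg and m.group(2) == "true" and m.group(1) in SENSITIVE:
            found.setdefault(pkg, set()).add(SENSITIVE[m.group(1)])
    return {p: sorted(caps) for p, caps in found.items()}

def private_dns_ok(mode, specifier):
    """True only for strict Private DNS: mode 'hostname' plus a resolver hostname.
    'opportunistic' silently falls back to plaintext DNS; 'off' never encrypts."""
    spec = specifier.strip()
    return mode.strip() == "hostname" and spec not in ("", "null")

# Constructed sample in the layout printed by `dumpsys package`.
SAMPLE = """\
Package [com.example.chat] (1a2b3c):
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
Package [com.example.torch] (4d5e6f):
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=false, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    for pkg, caps in sorted(granted_sensitive(SAMPLE).items()):
        print(f"{pkg}: {', '.join(caps)}")
    print("private DNS strict:", private_dns_ok("hostname", "dns.quad9.net"))
```

Any app listed with a capability it does not need is a candidate for revocation in Settings.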