![\"United](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/11\/1764172204_482_0x0.jpg\")
<\/p>\n<\/p>\n
Secure your smartphone now, CISA warns.<\/p>\n
SOPA Images\/LightRocket via Getty Images<\/p>\n
Updated November 27 with further security agency advice for iPhone and Android smartphone users, this time from the U.K. National Cyber Security Centre, to accompany the already published advice from the U.S. Cybersecurity and Infrastructure Security Agency.<\/p>\n
Hot on the heels of reports of Sturnus spyware being used to effectively bypass encryption and read private messages<\/a> sent by Signal, Telegram and WhatsApp to your smartphone, the U.S. Cybersecurity and Infrastructure Security Agency issued an urgent alert<\/a> that \u201cmultiple cyber threat actors\u201d are \u201cactively leveraging commercial spyware to target users of mobile messaging applications.\u201d Now CISA has released further urgent guidance that it says individuals at risk of being targeted should \u201cimmediately review and apply.\u201d Here\u2019s the step-by-step instructions to secure your smartphone, with guides for both iPhone and Android, from spyware attack<\/a> according to America\u2019s Cyber Defense Agency.<\/p>\n ForbesAmazon Issues Attack Alert \u2014 300 Million Customers Are At Risk NowBy Davey Winder<\/a>Cyber Attacks Target iPhone And Android Smartphone Users<\/p>\n Cyber attacks come in a myriad of shapes and sizes. From the newly reported attacks against London councils<\/a>, to those against users of Amazon, Netflix and PayPal<\/a>, to the highly-targeted and constantly evolving spyware threats<\/a> facing smartphone users. It is the latter that is of concern to CISA, and should be to you as well, especially if you fall into the high-risk category of individual. That is, dear reader, a broad remit: journalists, political activists, government employees, the military, and, well, the list goes on. Better to assume you could be a target, even if only in terms of collateral damage to get to a bigger fish, and secure your smartphones as best you can.<\/p>\n The CISA Mobile Communications Best Practice Guidance<\/a> document, classified as traffic light protocol clear, meaning I am able to share the information contained within, has just been updated and, as well as including recommendations for securing end-to-end encrypted communications, has step-by-step guides to enhance the security and privacy of both iPhone and Android smartphones. <\/p>\n ForbesFBI Warns That Hackers Are Posing As Fake Feds \u2014 What You Need To KnowBy Davey Winder<\/a><\/p>\n iPhone recommendations:<\/p>\n Enable Lockdown Mode to limit apps, websites and features to effectively reduce the attack surface.Disable the send as text message option that would otherwise allow SMS use if end-to-end encrypted iMessage were not available.Use Apple iCloud Private Relay for enhanced security and privacy by protecting Domain Name System queries.Review and restrict app permissions, revoking those that are not essential, especially when it comes to location, camera and microphone.<\/p>\n Android recommendations:<\/p>\n Use smartphone devices from those manufacturers with a commitment to long-term security updates and that support hardware-level security features.Only use RCS messaging if end-to-end encryption is enabled.Configure the Android Private DNS option to use a high-privacy resolver such as Cloudflare\u2019s 1.1.1.1, Google\u2019s 8.8.8.8 Resolver, and Quad9\u2019s 9.9.9.9.Ensure \u2018always use secure connections\u2019 is enabled in the Android Chrome browser.Ensure \u2018enhanced protection for safe browsing\u2019 is enabled in the Android Chrome browser.Ensure \u2018Google Play Protect\u2019 is enabled to detect and prevent malicious app downloads.Review and restrict app permissions, revoking them in the same way as for the iPhone advice.ForbesDo Not Download These Windows Security Updates, Experts WarnBy Davey Winder<\/a>National Cyber Security Centre Advice For iPhone And Android Smartphone Users<\/p>\n The National Cyber Security Centre, part of the U.K. Government Communications Headquarters, better known as GCHQ, has a mission-based strategy to \u201cmake the UK the safest place to live and work online.\u201d So, it is hardly surprising to learn that it has also published recommendations <\/a>for smartphone users on how to keep them, and the data stored within them, secure. <\/p>\n Number one, the NCSC advisory stated, is to ensure that you are using a secure lock screen password or PIN, not \u201ca simple one that can be easily guessed or gleaned from your social media profiles.\u201d That is very solid advice, and you can read more about lock screen PINs to avoid here<\/a>.<\/p>\n Next, we have enabling the built-in find me or tracking function, a feature of your smartphone, so that lost or stolen devices can be tracked and, most importantly, locked and data deleted if necessary. <\/p>\n Keep your smartphone updated with the latest security patches, it\u2019s free, mostly automated, and can save you from being vulnerable to hack attacks.<\/p>\n Ditto, but for your apps.<\/p>\n Finally, and most controversially in my never humble opinion, is the \u201cdon’t connect to unknown Wi-Fi hotspots\u201d advice. While it is true that someone could have setup a malicious hotspot in a coffee shop or at the airport, the reality is that this is extremely unlikely and, given the near-ubiquity of HTTPS encryption during communications, the risk is massively reduced when it comes to the majority of snoopers. Yes, if you are a high-value individual, then you could be targeted, but someone just sweeping an entire coffee shop on the off chance of finding a profitable enough mark is slim. Indeed, most cybersecurity professionals of my acquaintance will happily tell you they connect to such networks without fear. If you are concerned, using your mobile 4G or 5G network is recommended if available, like you\u2019d be using a free hotspot if it weren\u2019t.<\/p>\n