How often do you turn your iPhone or Android smartphone off? Not often enough, says the NSA as it issues a security warning to all users about zero-click attacks.
It's actually good advice to periodically restart your secure devices. There are many exploits that can only persist in memory and not on the actual storage device itself. So by restarting you go back into a known good state. And any malicious actor would have to reinfect your phone, which may not be guaranteed.
You can't activate malware by restarting your system. There's no reason why an attacker would wait for a restart to do what they want to do.
What can happen is that restarting doesn't help fix anything related to malware if the malware has been written to gain persistence. It'll edit the registry so that it can run on startup, so restarting your system makes no difference.
Only exploits that require human intervention would be defeated by this though. If you have a zero touch exploit that can privesc, the persistence doesn't need to be anything special, you can just wrap your exploit in an ordinary Android app and request it be woken up on next boot.
Not necessarily true. It could be a buffer overflow in text message processing, it still requires a text message to be sent to the phone.
It could be a Wi-Fi or Bluetooth exploit, which requires locality.
It could be a browser, webview, certificate exploit that requires a sophisticated chain of events with a low probability to intercept a web page and get the user to do something that isn't guaranteed.
The exploit might display itself to a user on the phone, so every time it's applied there's a risk of discovery.
Not to mention many advanced persistent threats do not want their exploits to be analyzed, so they will not leave them sitting around to be collected, just waiting for the device to need a reinfection. That's valuable signals capability that you give to your adversary; they just need to analyze it.
Just be mindful when restarting automatically, as some OSes offer. It's neat not having to remember to manually restart every few days, but your pending notifications will get lost and, depending on your setup, your cellular/network connections will not automatically reconnect until you log in.
It is also a good idea for computing devices in general since not restarting means effectively restarting and finding out that the restart didn't work properly or that you do not have all the information needed to log back in at the worst possible time, one you didn't choose yourself. And if you do it often enough the number of updates/changes that could be the cause is significantly lower than if you keep things running for a long time before a restart.
I mean this has been a cybersecurity best practice forever. If anything, it's someone at the NSA having a chuckle knowing how the cynics will react to something which is barely a step above common sense.
I don't have 40 hours to dedicate to a single error message that pops up only on Tuesdays during a full moon and Jeff just needs to print his stupid report.
We are talking about user devices in the wild, likely in an unknown state, with highly variable usage patterns by the user. Someone with experience can usually determine how deeply to poke based on 30 seconds of questioning the user.
"Reboot" is absolutely valid when the issue is trivial, non-recurring and the equipment is not sensitive. If a reboot destroys logs then the device was not important to you to begin with.
My experience has been the exact opposite of this.
Restarting a system gets it into a known state making debugging easier.
There are times you don't want to restart, if you're a software developer and a long lived process is behaving erratically and you haven't been able to figure out why via telemetry and this problem has been super hard to reproduce... But this is a very niche and rare circumstance. In most scenarios the first priority is to get things working ASAP, so the first thing you do is restart.
Hell, many production systems restart periodically to just get closer to a known good state as a matter of hygiene.
They don't even need to put shit directly on our devices to get what they want really, they have a wiretap into all the advertising companies and all the internet providers and all the cellphone and landline providers. They have a wiretap into every remotely accessible camera system. They don't need to come up with more invasive ways to get into all our shit but they keep doing it.
Wait, your phone doesn't switch on to ring alarms? I thought all smartphones do that. All Android phones I have do. They don't do a full boot, just sound an alarm and show options to fully start, snooze or end the alarm.
// edit
I learned that some brands don't implement that feature. For example: Samsung does not, but Honor does.