397
Why the NSA Is Right About Periodically Restarting Your Smartphone (gizmodo.com)
submitted 1 month ago by VITecNet@programming.dev to c/technology@lemmy.world
105 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[-] henfredemars@infosec.pub 376 points 1 month ago* (last edited 1 month ago)

You do it because it makes an attacker’s life harder because now I have to find two bugs instead of one.

The entire boot chain of the phone up to the apps you run are verified successively by the component that loads it. A digital signature helps ensure that only trustworthy code ever runs. A bug must be found to bypass these checks to load malware code. For example, a bug in the image code in a web browser might cause loading of code that isn’t checked. This way the malware gets smuggled onto the phone.

This means that if you get hacked via one bug and malware is loaded, the attacker has to work harder to solve the problem of how do I convince the phone to load it again at boot because the code it’s made of isn’t going to be approved code. When you reboot, you are effectively forcing a validation that all the code you have running is authentic, which would exclude the malware. Trick me once sure, can you survive a full pat down? Probably not. It’ll get caught.

Unless I have a second bug to fool the normal code loading systems too, the malware can’t run. You have to go back and trigger the first bug again somehow, which places more strain on the attacker.

[-] cranakis@reddthat.com 119 points 1 month ago

Thanks for taking the time to write that out. I found it really helpful.👍

[-] henfredemars@infosec.pub 71 points 1 month ago

I love to talk about computer security. I don’t get the chance often enough.

[-] Chozo@fedia.io 30 points 1 month ago

I hope you get more chances to do so; you explained the situation in a much better way than the article and convinced me to reboot my phone.

[-] SeekPie@lemm.ee 10 points 1 month ago* (last edited 1 month ago)

You restart your phone because of security.

I 'restart' my phone, because it's overheated and lost its battery % to 0.

We're not the same.

[-] DjMeas@lemm.ee 7 points 1 month ago

Thank you, friend. You've convinced me to restart my phone.

load more comments (1 replies)
load more comments (3 replies)
[-] some_boring_username@lemm.ee 38 points 1 month ago

Exactly, as you already explained in detail this is primarily for security.

GrapheneOS has a feature to set a time after which the phone reboots in case there was no unlock. So in case a bad actor gets your phone they only have that time with a running system after the first unlock. However, if you use it normally, and unlock it in regular intervals it does not auto-reboot. This is especially neat if your threat level is not "investigative journalist" or "political activist on the run", because then you can set the time to a longer interval and the phone does not reboot every night when you are asleep which also leads to the SIM card being locked and nobody being able to call you...

[-] henfredemars@infosec.pub 15 points 1 month ago

I remember this feature, and I wish it was a standard Android feature. It sounds like it would be trivial to implement and could be completely optional.

load more comments (3 replies)
[-] TAG@lemmy.world 10 points 1 month ago

But that only works for untrusted code escaping a sandbox, right? It does not help with malicious code embedded into legitimate seeming apps. The later vector seems easier, especially on Android, no?

[-] henfredemars@infosec.pub 25 points 1 month ago* (last edited 1 month ago)

I don't really consider a malicious app to be an exploit. In this case, the software is doing exactly what it was designed to do -- malicious activity. It's not being manipulated to perform unintended operations through the exploitation of a software bug. Code signing and secure boot are not effective in the face of intentionally shipping malicious code to end users. It's designed to frustrate actual hackers.

For malicious-by-design apps, we rely on a central app store that hopefully reduces the number of bad apps in circulation. If you publish malware, eventually you get caught and we know who you are. Sandboxing with a permissions system helps prevent apps from performing actions contrary to the user's interests. E.g. why is my flashlight app asking for my contacts when I pressed 'change color?'

If you directly exploit your way in, it's harder to know who did this and why because you didn't go through any central vetting or accountability system, and you're not so easily bound by the permissions system. It depends on what your bad guy's goals are, what they want, whom they're targeting. Force your way in the back entrance, crawl through an open window (like a weak security setting), or lie your way in the front door (trojan)? It depends.

None of it is perfect, but I'm sure OS design experts would love to hear about better solutions if any exist.

load more comments (4 replies)
[-] Th3D3k0y@lemmy.world 9 points 1 month ago

I miss my BlackBerry and it's scheduled reboot option

[-] iturnedintoanewt@lemm.ee 9 points 1 month ago

Pixels with grapheneos can reboot automatically after a number of hours with the screen off (unattended because you are sleeping). But this would also interfere with Whatsapp backup, which happens overnight.

[-] Strepto@sh.itjust.works 6 points 1 month ago

Samsung phones also have a reboot schedule option

load more comments (4 replies)
load more comments (4 replies)
[-] altima_neo@lemmy.zip 111 points 1 month ago

Jokes on them, my S22 Ultra restarts in it's own. Even when I don't want it to.

[-] thejml@lemm.ee 35 points 1 month ago

It’s a feature! Device Failed Successfully.

[-] ElderWendigo@sh.itjust.works 8 points 1 month ago

This is gonna sound odd, but have you cleaned out the USB port lately? Weird stuff happens when pocket lint collects in there. I thought mine had a dead port until I picked out (with a non-conductive toothpick) the lint I didn't realize had accumulated.

[-] sugar_in_your_tea@sh.itjust.works 7 points 1 month ago

Sounds like my wife's old Samsung phone as well... I'm sensing a common theme...

load more comments (1 replies)
load more comments (10 replies)
[-] recursive_recursion@programming.dev 68 points 1 month ago* (last edited 1 month ago)

TL;DR:
Restarting your phone once a week can help improve performance and security.

  • this is the same for routers and it's commonly known as a power refresh
[-] cyberpunk007@lemmy.ca 24 points 1 month ago

Maybe home grade routers.

[-] qprimed@lemmy.ml 24 points 1 month ago

well, I mean... anything can leak memory. but yeah, enterprise/carrier grade devices are designed to be in continuous use for years and they generally do that pretty well.

[-] sugar_in_your_tea@sh.itjust.works 14 points 1 month ago

Even then, some places will reboot on a schedule when nobody should be using it.

I have some entry level "enterprise" hardware (Mikrotik router and Ubiquiti access point) and I auto-reboot mine weekly. In addition to maintaining performance and minor security wins, it also helps ensure everything csn survive a reboot (e.g. all configurations have persisted to disk).

It's good practice. Some people brag about continuous uptime, I see it as a liability.

[-] cyberpunk007@lemmy.ca 6 points 1 month ago

It's good practice for patching purposes. You should always be maintaining stable OS versions and a memory leak or the like is fairly uncommon. I think I've seen it once in my career on a particular check point OS version.

load more comments (1 replies)
[-] locuester@lemmy.zip 6 points 1 month ago

Absolutely. Nothing scarier than rebooting the computer or router that’s been running for 10 years.

I also enjoy exercising software blue/green rotation weekly. Even if no code changes, have it roll to the alternate infra on an automated schedule. Is a great habit to get into and helps any engineer sleep better. It also results in providing very accurate downtime recovery numbers - not estimates.

load more comments (1 replies)
load more comments (1 replies)
[-] tal 7 points 1 month ago

If my router rebooted once a week, it would be in the trash can.

load more comments (1 replies)
[-] zingo@lemmy.ca 6 points 1 month ago

Restarting anything with a chip in it once and a while is good practice.

[-] Tag365@lemmy.world 5 points 1 month ago

Feels like I need to reboot my iPhone daily in order to keep applications and tabs from being terminated from out of memory issues as quickly.

load more comments (1 replies)
load more comments (3 replies)
[-] impure9435@kbin.run 43 points 1 month ago

GrapheneOS has a convenient auto-reboot feature

[-] CaptKoala@lemmy.ml 7 points 1 month ago

TIL, I use GOS and never thought to look, I just see a banner saying there's been updates and I've got "update and restart now", "schedule restart" and "I'll restart myself when ready" (or some such).

[-] impure9435@kbin.run 22 points 1 month ago

The main purpose of this is actually security. Because when the device is in BFU (before first unlock) state, it's much harder to gain access to the data (without the correct unlock credentials). During the reboot, the encryption keys are wiped from RAM, making it essentially impossible to access the device, since brute-force unlock attempts are prohibited by Weaver API, which is enforced by the Titan M2 hardware security module. You can read more about this at https://grapheneos.org/faq#encryption

load more comments (3 replies)
load more comments (2 replies)
[-] jgomo3@lemmy.world 32 points 1 month ago

"you do need to restart your phone regularly to rid it of demons"

typo: "daemons", not "demons".

load more comments (2 replies)
[-] Bobo@lemm.ee 22 points 1 month ago

Samsung phones have an option of scheduled autorestart; I have mine set to restart once every week at a scheduled time.

[-] SomethingBurger@jlai.lu 32 points 1 month ago

LineageOS has this option too. The whole system crashes and restarts randomly once a week /s

[-] higgsboson@dubvee.org 10 points 1 month ago

Just once a week? They must be improving.

[-] variants@possumpat.io 20 points 1 month ago

I remember my old phone had the option to auto reboot and I had it set to like 3am but now I don't see that option on newer phones. My previous phone didn't even have a reboot option I had to shut it down and power it back up

[-] viking@infosec.pub 16 points 1 month ago

I'm using Automate for this purpose, it's a very simple flow:

https://play.google.com/store/apps/details?id=com.llamalab.automate

[-] hal_5700X@sh.itjust.works 13 points 1 month ago* (last edited 1 month ago)

For Samsung phones. Go to Settings -> Device Care -> Under Performance you will see Auto Optimization -> At the bottom of the page you will see Auto Restart -> Restart on Schedule -> Done.

[-] variants@possumpat.io 7 points 1 month ago

Would alarms work after a restart if I don't unlock ot first?

[-] Strepto@sh.itjust.works 7 points 1 month ago

I've tested this and they do still work

load more comments (1 replies)
load more comments (3 replies)
[-] ObsidianZed@lemmy.dbzer0.com 19 points 1 month ago

I use Tasker automation that reminds me to reboot after my phone has been up for awhile. I don't think I'd like an auto reboot feature. I don't even like it when I can't postpone a software update until a time convenient for me.

[-] hal_5700X@sh.itjust.works 15 points 1 month ago

Wait...the NSA did something good. WTF.

[-] redbr64@lemmy.world 13 points 1 month ago

Coming from the 9000 series, I am wondering what do you like about the 5700 series HAL?

[-] accideath@lemmy.world 12 points 1 month ago

My iPhone 13 mini‘s battery is so small that I involuntarily restart it at least once every two weeks

load more comments (3 replies)
[-] drawerair@lemmy.world 9 points 1 month ago

I'm doubtful. I wanna hear more from security experts.

load more comments (1 replies)
[-] dreikelvin@lemmy.world 6 points 1 month ago

iphones just do weird shit after a while so that you can't go on without a restart. truly smart

load more comments
view more: next ›
this post was submitted on 31 May 2024
397 points (97.8% liked)

Technology

55692 readers
2496 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world