Cybersecurity experts are urging smartphone users to fully power down their devices instead of merely restarting them, a critical shift in advice aimed at defeating advanced malware designed to fake reboots.
The French National Cybersecurity Agency (ANSSI) warns that some sophisticated spyware can simulate a phone’s restart to deceive users. These malicious programs can intercept the restart command, making the screen go black with no sound or vibration, while the phone secretly remains active and compromised.
Researchers have uncovered various malware programs and tactics capable of simulating a restart on both Android and iOS devices in recent years. This allows the malware to continue operating undetected, potentially stealing data.
For example, in 2022, security researchers demonstrated how an iPhone could appear to shut down while simultaneously transferring images captured by its front camera to another device. The fake shutdown screen was visually identical to the legitimate iOS process.
To counter this threat, ANSSI recommends turning off the smartphone completely for a few minutes before powering it back on. This ensures all background activities are genuinely terminated and prevents malware from maintaining control.
The U.S. Federal Bureau of Investigation (FBI) echoes this advice, suggesting users power off their phones for about five minutes every night. The FBI’s guidance specifically refers to a complete shutdown, not just a reboot.
Traditionally, cybersecurity experts, including the U.S. National Security Agency (NSA), have advised regularly restarting smartphones, often recommending it at least twice a week. This practice is generally understood to help prevent basic viruses by closing all running applications and background processes.
While a standard restart can close apps and prevent some data theft by simpler malware, the latest warnings highlight a new class of threats that can bypass this common security measure. Users might believe their device is clean after a restart when, in fact, it remains compromised.