Interesting to hear such things discussed at that level. Turning it off is suggested to get rid of compromised background processes that might be spying on users. Obviously, this only help against malware that isn’t permanently installed on a phone.

  • distractedcactus@beehaw.org
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    This is good advice if your phone is actively being hacked in real time when you turn it off. Otherwise all you’re doing is delaying or temporarily interrupting any data collection that’s going on in the background. Any apps that are sophisticated enough to run undetected by a normal user are also going to restart themselves as soon as the phone boots up again.

    Also, if you are being targeted by a hacker that is knowledgeable enough to actively get into your device (especially an iPhone) without physical access then you’re better off destroying it and buying a new one, along with doing a full reset of all of your passwords, 2FA setup, and anything else you think you’re relying on for “security”.

    • cark@beehaw.org
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      That is not true. Many attacks (e.g. the recently revealed Operation Triangulation) do not have persistence.

      • aranym@lemmy.name
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Yup, a lot of very sophisticated mobile malware does not have persistence. His advice holds up.

    • abhibeckert@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      you’re better off destroying it and buying a new one

      Um, what? Spending a thousand bucks on a new phone, which they will probably infect almost immediately, is poor advice.

      If I was in that situation the first thing I’d do is disconnect it from the internet. The next thing I’d do is lock everything down so the attacker can’t use the phone to do any harm (reset passwords, etc, and don’t log into those accounts from your phone).