Turn Off, Turn On: Simple Step Can Thwart Top Phone Hackers

FILE - In this Feb. 17, 2016, file photo an iPhone is seen in Washington. (AP Photo/Carolyn Kaster, File)
FILE - In this Feb. 17, 2016, file photo an iPhone is seen in Washington. (AP Photo/Carolyn Kaster, File)
TT

Turn Off, Turn On: Simple Step Can Thwart Top Phone Hackers

FILE - In this Feb. 17, 2016, file photo an iPhone is seen in Washington. (AP Photo/Carolyn Kaster, File)
FILE - In this Feb. 17, 2016, file photo an iPhone is seen in Washington. (AP Photo/Carolyn Kaster, File)

As a member of the secretive Senate Intelligence Committee, Sen. Angus King has reason to worry about hackers. At a briefing by security staff this year, he said he got some advice on how to help keep his cellphone secure.

Step One: Turn off phone.
Step Two: Turn it back on.

That’s it. At a time of widespread digital insecurity it turns out that the oldest and simplest computer fix there is — turning a device off then back on again — can thwart hackers from stealing information from smartphones, reported The Associated Press.

Regularly rebooting phones won’t stop the army of cybercriminals or spy-for-hire firms that have sowed chaos and doubt about the ability to keep any information safe and private in our digital lives. But it can make even the most sophisticated hackers work harder to maintain access and steal data from a phone.

“This is all about imposing cost on these malicious actors,” said Neal Ziring, technical director of the National Security Agency’s cybersecurity directorate.

The NSA issued a “best practices” guide for mobile device security last year in which it recommends rebooting a phone every week as a way to stop hacking.

King, an independent from Maine, says rebooting his phone is now part of his routine.

“I’d say probably once a week, whenever I think of it,” he said.

Almost always in arm’s reach, rarely turned off and holding huge stores of personal and sensitive data, cellphones have become top targets for hackers looking to steal text messages, contacts and photos, as well as track users’ locations and even secretly turn on their video and microphones.

“I always think of phones as like our digital soul,” said Patrick Wardle, a security expert and former NSA researcher.

The number of people whose phones are hacked each year is unknowable, but evidence suggests it’s significant. A recent investigation into phone hacking by a global media consortium has caused political uproars in France, India, Hungary and elsewhere after researchers found scores of journalists, human rights activists and politicians on a leaked list of what were believed to be potential targets of an Israeli hacker-for-hire company.

The advice to periodically reboot a phone reflects, in part, a change in how top hackers are gaining access to mobile devices and the rise of so-called “zero-click” exploits that work without any user interaction instead of trying to get users to open something that’s secretly infected.

“There’s been this evolution away from having a target click on a dodgy link,” said Bill Marczak, a senior researcher at Citizen Lab, an internet civil rights watchdog at the University of Toronto.
Typically, once hackers gain access to a device or network, they look for ways to persist in the system by installing malicious software to a computer’s root file system. But that's become more difficult as phone manufacturers such as Apple and Google have strong security to block malware from core operating systems, Ziring said.

“It’s very difficult for an attacker to burrow into that layer in order to gain persistence,” he said.

That encourages hackers to opt for “in-memory payloads” that are harder to detect and trace back to whoever sent them. Such hacks can't survive a reboot, but often don't need to since many people rarely turn their phones off.

“Adversaries came to the realization they don’t need to persist,” Wardle said. “If they could do a one-time pull and exfiltrate all your chat messages and your contact and your passwords, it’s almost game over anyways, right?”

A robust market currently exists for hacking tools that can break into phones. Some companies like Zerodium and Crowdfence publicly offer millions of dollars for zero-click exploits.

And hacker-for-hire companies that sell mobile-device hacking services to governments and law enforcement agencies have proliferated in recent years. The most well known is the Israeli-based NSO Group, whose spyware researchers say has been used around the world to break into the phones of human rights activists, journalists, and even members of the Catholic clergy.

NSO Group is the focus of the recent exposés by a media consortium that reported the company’s spyware tool Pegasus was used in 37 instances of successful or attempted phone hacks of business executives, human rights activists and others, according to The Washington Post.

The company is also being sued in the US by Facebook for allegedly targeting some 1,400 users of its encrypted messaging service WhatsApp with a zero-click exploit.

NSO Group has said it only sells its spyware to “vetted government agencies” for use against terrorists and major criminals. The company did not respond to a request for comment.

The persistence of NSO's spyware used to be a selling point of the company. Several years ago its US-based subsidy pitched law enforcement agencies a phone hacking tool that would survive even a factory reset of a phone, according to documents obtained by Vice News.

But Marczak, who has tracked NSO Group’s activists closely for years, said it looks like the company first starting using zero-click exploits that forgo persistence around 2019.

He said victims in the WhatsApp case would see an incoming call for a few rings before the spyware was installed. In 2020, Marczak and Citizen Lab exposed another zero-click hack attributed to NSO Group that targeted several journalists at Al Jazeera. In that case, the hackers used Apple’s iMessage texting service.

“There was nothing that any of the targets reported seeing on their screen. So that one was both completely invisible as well as not requiring any user interaction,” Marczak said.

With such a powerful tool at their disposal, Marczak said rebooting your phone won’t do much to stop determined hackers. Once you reboot, they could simply send another zero-click.

“It’s sort of just a different model, it’s persistence through reinfection,” he said.

The NSA’s guide also acknowledges that rebooting a phone works only sometimes. The agency’s guide for mobile devices has an even simpler piece of advice to really make sure hackers aren’t secretly turning on your phone’s camera or microphone to record you: don’t carry it with you.



UK Regulator Considers Opening Apple, Google App Stores to Rival Payments

FILE PHOTO: A Google logo is seen at a company research facility in Mountain View, California, US, May 13, 2025. REUTERS/Carlos Barria/File Photo
FILE PHOTO: A Google logo is seen at a company research facility in Mountain View, California, US, May 13, 2025. REUTERS/Carlos Barria/File Photo
TT

UK Regulator Considers Opening Apple, Google App Stores to Rival Payments

FILE PHOTO: A Google logo is seen at a company research facility in Mountain View, California, US, May 13, 2025. REUTERS/Carlos Barria/File Photo
FILE PHOTO: A Google logo is seen at a company research facility in Mountain View, California, US, May 13, 2025. REUTERS/Carlos Barria/File Photo

Britain's competition regulator on Tuesday proposed allowing app developers to steer users to alternative payment options outside Apple and Alphabet's Google app stores to cut fees and boost competition.

The Competition and Markets Authority said the proposals would remove restrictions that currently prevent UK developers from directing users to off-platform payment options, which are banned by Apple and restricted by Google.

The watchdog said any fees charged by two of the world's largest technology companies for allowing such "steering" would need to be fair and reasonable, and should be lower than current app store commissions, with savings passed on to consumers or reinvested in innovation.

"While it is only fair for Apple and Google ⁠to be compensated for ⁠the services they provide, any fees they charge must be justified through a robust, evidence-led framework involving due reference to both cost and value," Will Hayter, executive director for digital markets, is expected to say later on Tuesday, according to an excerpt of his speech.

The CMA said it was also considering requiring Apple to open up access to its near-field communication technology, which is used for contactless payments, potentially allowing developers to offer payment services within their own iOS ⁠apps.

This could enable UK fintech companies to build alternatives to Apple's wallet, including account-to-account payments and emerging technologies such as digital currencies, Reuters quoted the CMA as saying.

The proposals are part of a consultation under Britain's new digital markets regime, which gives the watchdog powers to impose tailored requirements on companies with so-called "strategic market status.”

Google said in an emailed statement it had already taken steps in that direction, pointing to new Play Store terms introduced earlier this month allowing developers to steer users to complete transactions outside the platform.

The CMA said it would assess Google's recent changes as part of its work before deciding later this year whether to impose formal requirements.

Apple has previously said it does not support allowing developers to direct users to off-platform payments, arguing this could undermine user ⁠security and fraud protections ⁠and limit its ability to verify transactions.

An Apple spokesperson said it could open the door to "scams, bait-and-switch tactics, and the circumvention of parental controls.”

"When users are directed away from Apple's trusted payment infrastructure, they lose the protections they rely on Apple to provide," the spokesperson said, adding the US tech giant would continue to "make our concerns clear" to the CMA.

The regulator designated Apple and Google as having strategic market status in mobile ecosystems last year, giving it the power to intervene more directly to boost competition.

In February, it secured commitments from the two companies to make their app stores fairer and more transparent, including changes to rankings, reviews and access to certain features – but they did not address commissions, which can reach up to 30%.

The CMA said at the time that enabling developers to steer users to alternative payment methods remained a priority, an issue that has also drawn scrutiny from regulators in the European Union, the United States and Japan.


Taiwan Raids Tech Firms in China AI Chip Smuggling Probe

This handout photo from the Taiwan Coast Guard taken on May 20, 2026 and released on May 21 shows pallets of servers made by Super Micro Computer seized by Taiwanese authorities at an undisclosed location. (Photo by Handout / TAIWAN COAST GUARD / AFP)
This handout photo from the Taiwan Coast Guard taken on May 20, 2026 and released on May 21 shows pallets of servers made by Super Micro Computer seized by Taiwanese authorities at an undisclosed location. (Photo by Handout / TAIWAN COAST GUARD / AFP)
TT

Taiwan Raids Tech Firms in China AI Chip Smuggling Probe

This handout photo from the Taiwan Coast Guard taken on May 20, 2026 and released on May 21 shows pallets of servers made by Super Micro Computer seized by Taiwanese authorities at an undisclosed location. (Photo by Handout / TAIWAN COAST GUARD / AFP)
This handout photo from the Taiwan Coast Guard taken on May 20, 2026 and released on May 21 shows pallets of servers made by Super Micro Computer seized by Taiwanese authorities at an undisclosed location. (Photo by Handout / TAIWAN COAST GUARD / AFP)

Taiwanese investigators have raided the Taiwan offices of US company Super Micro Computer and two other tech firms, a prosecutor said Tuesday, as part of an expanded probe into the alleged smuggling of Nvidia AI chips to China.

Prosecutors said in May they were investigating the shipment of "high-end" AI servers containing advanced Nvidia chips to China, Macau and Hong Kong, in violation of US export controls.

Nine people are now under investigation, up from three previously, Huang Sheng, head prosecutor in the Keelung Prosecutors Office, told AFP.

They are accused of forging documents so they could ship roughly 50 servers made by Super Micro Computer to China.

Some of the servers were cleared by Taiwan customs and sent to China via Japan, an official previously told AFP on the condition of anonymity.

Twelve sites were raided on Monday as part of the probe, the prosecutors office said in a statement.

They included the homes of six people and offices of the companies they worked for -- Nasdaq-listed Super Micro Computer and Taiwan-listed firms Albatron Technology and Chief Telecom.

The United States restricts the export of its most cutting-edge AI chips to China, partly over concerns the technology could be used by Beijing's military.

But it is not a criminal offence in Taiwan -- a situation lawmakers and experts say needs to change -- with Taiwanese prosecutors relying on other laws to go after offenders.

Lawmaker Chung Chia-pin, who belongs to President Lai Ching-te's Democratic Progressive Party (DPP), plans to propose an amendment to the Foreign Trade Act to include a "mainland China semiconductor chip clause" that would make exporting chips there illegal.

Chung told AFP Tuesday that a loophole in the law was created under former president Ma Ying-jeou, who belongs to the Kuomintang party, and successive DPP-led governments have failed to close it.

Top-end chips made by US titan Nvidia -- the world's most valuable company -- are used to train and run AI systems.

In response to Washington's export restrictions, China has been accelerating efforts to develop its own AI chips and break away from reliance on US hardware.

This month, Taiwanese Deputy Economic Affairs Minister Ho Chin-tsang said Taiwan and the United States "will work to implement our shared export control goals", but the government has not provided details.

Chris McGuire, an expert on China and AI at the US-based Council on Foreign Relations, said chip smuggling was a "really significant problem" in Taiwan and Southeast Asia.

"It's really, really important that allies align with the United States on all of these policies and also legal authorities," McGuire, who worked at the National Security Council under former US president Joe Biden, told a forum in Taipei this month.

"It's not a criminal violation in Taiwan to export AI chips to China, obviously it is under US law, but it's not under Taiwanese law. That needs to change, right?"

Super Micro Computer, Albatron Technology and Chief Telecom have said separately they are cooperating with investigators. Their shares have seen sharp falls this week.

Prosecutors say it is too early to know if the case is linked to a Nvidia chip smuggling case involving Super Micro Computer employees in the United States.

A US indictment unsealed in March showed employees of the company allegedly raked in billions of dollars diverting Nvidia AI chips to China in breach of export controls.


WhatsApp Will Allow Users to Go by Usernames Instead of Phone Numbers, Closing a Privacy Blind Spot

A WhatsApp icon is displayed on an iPhone, Nov. 15, 2018, in Gelsenkirchen, Germany. (AP)
A WhatsApp icon is displayed on an iPhone, Nov. 15, 2018, in Gelsenkirchen, Germany. (AP)
TT

WhatsApp Will Allow Users to Go by Usernames Instead of Phone Numbers, Closing a Privacy Blind Spot

A WhatsApp icon is displayed on an iPhone, Nov. 15, 2018, in Gelsenkirchen, Germany. (AP)
A WhatsApp icon is displayed on an iPhone, Nov. 15, 2018, in Gelsenkirchen, Germany. (AP)

WhatsApp users will soon get the option of going by usernames instead of phone numbers, the company said Monday, announcing plans to address a privacy blind spot.

The app said it has started allowing users to reserve unique usernames, which can be used to contact WhatsApp users when the feature is launched later this year.

WhatsApp, which says it has more than 3 billion users globally, has until now allowed users to be contacted by anyone who has their phone number.

The app, owned by Meta Platforms, said in a blog post that over the “coming months” users will get the option to be found and contacted only by their username, and not their number. It wasn't more specific about the timeline.

“We have designed this as a core privacy feature,” Alice Newton-Rex, WhatsApp's vice president of product, told reporters.

There won't be a directory of usernames on the app, and the app won't suggest names as you type.

“People will need to know your exact username to contact you for the first time,” she said.

WhatsApp's current privacy settings are limited to blocking individual users and silencing unknown callers. The app also allows users to add a profile name, but that's only displayed in chat groups for other people who don't have the user's contact info saved.

While Americans still prefer text messaging to WhatsApp, the app is widely used in Europe, Asia and much of the rest of the world.

Catchy online handles are highly coveted and users will likely scramble to claim a desirable one.

“I think a lot of people will go and get usernames and that’s why we decided to open reservations early,” Newton-Rex said.

Companies, organizations and creators with existing accounts on Meta's social media platforms, Instagram and Facebook, will get the chance to claim their usernames on WhatsApp.

Usernames need to be between three and 35 characters. To prevent impersonation, WhatsApp will hold back usernames for high-profile people or groups such as celebrities, public figures and government entities.