{"id":24020,"date":"2022-01-10T16:43:28","date_gmt":"2022-01-10T16:43:28","guid":{"rendered":"https:\/\/www.kaspersky.co.uk\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/24020\/"},"modified":"2022-01-10T16:43:28","modified_gmt":"2022-01-10T16:43:28","slug":"what-is-noreboot-attack-and-how-to-protect-your-smartphone","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/24020\/","title":{"rendered":"NoReboot: A fake restart to gain a foothold in the system"},"content":{"rendered":"<p>To be absolutely sure your phone isn\u2019t tracking you or listening in on any conversations, you might turn it off. It seems logical; that way, even if the phone is infected with serious spyware, it can\u2019t do anything.<\/p>\n<p>In addition, turning off or restarting a smartphone is one of the most reliable ways to fight such infections; in many cases, spyware \u201clives\u201d only until the next reboot because it cannot gain a permanent foothold in the operating system. At the same time, the vulnerabilities that allow malware to work even after a reboot are rare and expensive to exploit.<\/p>\n<p>However, this tactic might not work forever. Researchers have come up with a technique to bypass it using a method they have named NoReboot. In essence, this attack is a fake restart.<\/p>\n<h2>What is NoReboot, and how does the attack work?<\/h2>\n<p>We want to note right off the bat that NoReboot is not a feature of any real spyware in use by attackers; rather, it\u2019s a so-called <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/poc-proof-of-concept\/\" target=\"_blank\" rel=\"noopener\">proof of concept<\/a> that researchers demonstrated under laboratory conditions. At this point it is hard to say whether the method will actually gain traction.<\/p>\n<p>For the demonstration, the researchers used an iPhone they \u201cinfected\u201d beforehand. Unfortunately, they haven\u2019t shared the technical details. Here\u2019s what happens in the demonstration:<\/p>\n<ul>\n<li>The spy malware, which transfers the image from the camera, runs on the iPhone;<\/li>\n<li>The user tries to shut off the phone the usual way, using the power and volume buttons;<\/li>\n<li>The malware takes control and shows a perfect fake instead of the standard iOS shutdown screen;<\/li>\n<li>After the user drags the power-off slider, which also looks perfectly normal, the smartphone\u2019s screen goes dark and the phone no longer responds to any of the user\u2019s actions;<\/li>\n<li>When the user presses the power button again, the malware displays a perfect replica of the iOS boot animation.<\/li>\n<li>During the entire process, the phone is continually transferring the image from the phone\u2019s front camera to another device without the user\u2019s knowledge.<\/li>\n<\/ul>\n<p>As is often the case, seeing is believing, and we recommend checking out the researchers\u2019 video:<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/g_8JVUVLxTk?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h2>How to protect yourself against NoReboot<\/h2>\n<p>Again, at least for now NoReboot is only a demonstration of the feasibility of an attack. The attack is alarming, to be sure, but don\u2019t forget that malware needs to get onto a smartphone before it can do any damage. Here are some tips to help you prevent that from happening:<\/p>\n<ul>\n<li>Keep in mind that it\u2019s much harder for attackers to infect a smartphone remotely than if they have physical access to it. Be careful not to let someone else get hold of your smartphone \u2014 especially for a long period of time \u2014 and install a reliable device lock.<\/li>\n<li>People most often install malware on their smartphones on their own, voluntarily. Be careful about what you download and avoid installing unnecessary apps \u2014 that is, those you can easily live without \u2014 as a general rule.<\/li>\n<li>Don\u2019t root or jailbreak your smartphone (at least if you haven\u2019t been using *nix systems for many years). Superuser rights <a href=\"https:\/\/www.kaspersky.com\/blog\/android-root-faq\/17135\/\" target=\"_blank\" rel=\"noopener nofollow\">make malware\u2019s work exponentially easier<\/a>.<\/li>\n<li>If you have an Android device, we recommend installing <a href=\"https:\/\/www.kaspersky.co.uk\/mobile-security?icid=gb_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____c26d4ec02c10279d\" target=\"_blank\" rel=\"noopener\">an antivirus solution<\/a>\u00a0\u2014 to block Trojans from penetrating the system.<\/li>\n<li>Let your smartphone die a natural death from time to time \u2014 that is, wait for the charge to run out completely. The phone will then most certainly restart without any fakes, and there\u2019s an excellent chance that spies will disappear from the system. You can speed up the process by using a resource-hungry app, such as a game or benchmark-test utility.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kisa-generic-2\">\n","protected":false},"excerpt":{"rendered":"<p>How a fake restart helps malware to gain a foothold in a smartphone\u2019s operating system without exploiting a persistence vulnerability.<\/p>\n","protected":false},"author":421,"featured_media":24021,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2026],"tags":[1150,26,36],"class_list":{"0":"post-24020","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-ios","9":"tag-iphone","10":"tag-malware-2"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/24020\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/23823\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/19322\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/26052\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/23725\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/26699\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/26294\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/32185\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/10440\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/43292\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/18414\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/18796\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/15666\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/27940\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/32283\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/27991\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/24769\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/30169\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/what-is-noreboot-attack-and-how-to-protect-your-smartphone\/29960\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/ios\/","name":"iOS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/24020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=24020"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/24020\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/24021"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=24020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=24020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=24020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}