Australia’s prime minister has echoed the advice of cybersecurity professionals, in recommending that you turn off your iPhone for five minutes every night.

No, it’s not so you can reduce your daily Screen Time to 23 hours and 55 minutes, but to stop any spyware that may be running in the background on your device …

The idea that you should periodically force-quit apps in order to improve the performance of your iPhone has been one of the persistent myths among non-techies, but rebooting your phone is different. By closing all background processes, it can offer at least some degree of privacy protection against spyware.

The Guardian reports that Australia’s prime minister, Anthony Albanese, offered the advice while announcing a new security appointment.

Albanese, has told residents they should turn their smartphones off and on again once a day as a cybersecurity measure – and tech experts agree.

Albanese said the country needed to be proactive to thwart cyber risks, as he announced the appointment of Australia’s inaugural national cybersecurity coordinator […]

“We all have a responsibility. Simple things, turn your phone off every night for five minutes. For people watching this, do that every 24 hours, do it while you’re brushing your teeth or whatever you’re doing.”

The US National Security Agency (NSA) endorses this advice. It has previously recommended hard-rebooting smartphones at least once a week, for the same reason.

In the case of highly sophisticated spyware like NSO’s Pegasus, it may achieve little: A lot of work is put into exploiting vulnerabilities that allow the malware to relaunch after reboots. But security experts say that it can be worthwhile even then.

Dr Priyadarsi Nanda is a senior lecturer at the University of Technology Sydney who specialises in cybersecurity development.

He said rebooting a phone regularly could minimise risk because it forcibly closes any applications and processes running in the background that could maliciously be monitoring users or collecting data […]

“If there’s a process running from the adversarial side, turning off the phone breaks the chain, even if it’s only for the time the phone is off, it certainly frustrates the potential hacker.

“It may not fully protect you, but [rebooting] can make things more difficult” for hackers, Nanda said.

New South Wales cybersecurity lecturer Dr. Arash Shaghaghi agrees, saying that it puts one additional hurdle in the way of attackers.

Shaghaghi said that with so-called zero click exploits – sophisticated attacks that don’t require an action from a user to give an adversary access – rebooting a smartphone “may challenge the attackers as they may need to find alternative means to exploit the device once powered back on”.

Just last month, Apple alerted Pegasus victims in the first known case of the spyware being used during a military conflict.

Apple alerted Pegasus spyware victims during first known use in a military conflict

Security researchers have documented the first known case of NSO’s Pegasus spyware being used in a military conflict. The hacks relate to the long-running military conflict between Armenia and Azerbaijan, over a region claimed by both countries.

The victims – who included a United Nations official, journalists, human rights advocates, and a former government minister – received alerts from Apple that their iPhones had been hacked …

Pegasus spyware

NSO Group makes spyware called Pegasus, which is sold to government and law enforcement agencies. The company purchases so-called zero-day vulnerabilities (ones that are unknown to Apple) from hackers, and its software is capable of mounting zero-click exploits – where no user interaction is required by the target.

In particular, simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be compromised, with personal data exposed.

NSO sells Pegasus only to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted.

Apple alerts

By the nature of zero-click attacks, it’s only possible to identify and patch the vulnerability after it has already been exploited. However, Apple has come up with ways to spot signs of a compromised iPhone, and it now sends alerts to devices it believes have fallen victim to a Pegasus attack.

Apple has sent these alerts to a range of people, including pro-democracy protestors in Thailand, senior European Union officials, a Polish prosecutor, and US State Department staff.

At least a dozen hacks in Armenia/Azerbaijan conflict

The Guardian reports that at least a dozen people had their iPhones hacked by Pegasus spyware.

Researchers have documented the first known case of NSO Group’s spyware being used in a military conflict after they discovered that journalists, human rights advocates, a United Nations official, and members of civil society in Armenia were hacked by a government using the spyware.

The hacking campaign, which targeted at least a dozen victims from October 2020 to December 2022, appears closely linked to events in the long running military conflict between Armenia and Azerbaijan over the contested Nagorno-Karabakh region.

Apple detected that the devices had been compromised, and sent alerts to victims. These included Anna Naghdalyan, who was an Armenian foreign office spokesperson at the time. Her phone was hacked at least 27 times, according to the report.

Researchers said the timing of the attacks put her “squarely in the most sensitive conversations and negotiations related to the Nagorno-Karabakh crisis”, including the ceasefire mediation attempts by France, Russia, and the US and official visits to Moscow and Karabakh.

Naghdalyan told Access Now that she had “all the information about the developments during the war on [her] phone” at the time of her hacking

All the evidence points to Azerbaijan government

While researchers say that they cannot absolutely determine who carried out the spyware attacks, there is “substantial evidence” that Azerbaijan has a Pegasus contract.

Additionally, the victims selected for the hacks would also point to the Azerbaijan government. Neither government responded to a request for comment.

Pegasus threat remains

The US government banning the use of Pegasus by its own agencies had a severe impact on NSO’s finances, and the fact that Apple is now able to alert victims makes the spyware significantly less useful. Apple also offers a Lockdown Mode, allowing high-risk individuals to harden their iPhones against Pegasus, but at the cost of a great deal of functionality.

However, NSO’s financial struggles potentially make it more dangerous, as it reportedly planned to sell its software to red-flagged countries.

Privacy is a growing concern in today’s world. Follow along with all our coverage related to privacy, security, what Apple and other companies are doing to keep your information safe, and what steps you can take to keep your information private.