
Why tips like ‘turn off your iPhone for five minutes’ don’t actually help users

Last week, Australia’s prime minister offered some security advice for iPhone users, suggesting that everyone should turn off their iPhone for five minutes every night. On the surface, this may seem like harmless advice for iPhone users, but the reality is quite a bit more nuanced.

In fact, broad and generalized statements like this one can do a disservice to most people. Here’s why.

Australia’s prime minister, Anthony Albanese, made the comment last week while highlighting the need for the country to “thwart cyber risks” proactively. “We all have a responsibility. Simple things, turn your phone off every night for five minutes. For people watching this, do that every 24 hours, do it while you’re brushing your teeth or whatever you’re doing,” Albanese explained.

Albanese’s advice isn’t necessarily bad advice. In fact, it’s based on similar guidance that the US National Security Agency (NSA) issued in August 2020. But the advice from the NSA was far more specific and nuanced than what Albanese outlined during his speech last week.

In its breakdown of “Mobile Device Best Practices,” the NSA says that rebooting your iPhone once every week can “sometimes prevent” things like spear phishing and zero-click exploits. These types of threats, however, are highly targeted and are generally aimed at specific individuals or groups of individuals.

Other tips offered by the NSA include things like disabling Bluetooth, Wi-Fi, and cellular when not in use, using a “mic-drowning case and cover camera,” and more. This sort of advice, as pointed out by security expert Troy Hunt on Twitter, is meant for the “intelligence community, not the general masses.”

Spear phishing is a more extreme version of phishing that aims to collect information from targeted individuals and companies. It often involves months of research and reconnaissance before being deployed against the targeted individual or organization. It can be used to steal data and personal information, or to install malware on the targeted person’s device.

Zero-click exploits are dangerous because they can compromise a device without the user doing anything at all. The vast majority of zero-click exploits, however, don’t target everyday iPhone users. Instead, they are state-sponsored attacks from governments with poor human rights records, developed to spy on political opponents, journalists, lawyers, and human rights activists.

Apple’s Lockdown Mode

Last July, Apple unveiled something it calls Lockdown Mode. This feature was announced as part of the company’s continued commitment to protecting users from this type of highly targeted mercenary spyware. Lockdown Mode is built into every iPhone running iOS 16 and newer, and it includes extreme protections to limit exposure to zero-click exploits.

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

“Lockdown Mode is an extreme, optional protection that should be used only if you believe you may be personally targeted by a highly sophisticated cyberattack,” Apple explains. “Most people are never targeted by attacks of this nature.”

Apple says that “very few users” should have Lockdown Mode enabled on their iPhone. This primarily includes people who “may be personally targeted by some of the most sophisticated digital threats” because of who they are or what they do.

9to5Mac’s Take


The advice from Australia’s prime minister isn’t necessarily wrong, but it misses key pieces of nuance.

While it’s true that rebooting an iPhone on a weekly or daily basis may ever-so-slightly help reduce the threat presented by spear phishing and zero-click exploits, those aren’t threats that most users need to worry about. In fact, for most users who do need to worry about those threats, Apple’s Lockdown Mode exists as a much more robust solution.

Essentially what Albanese did was cherry-pick a piece of advice meant for the security community, remove the nuance, and pass it off as generalized advice for all iPhone users.

For the average and reasonable iPhone user, however, Albanese’s advice could do more harm than good. Any reasonable iPhone user might read the quote from Albanese and walk away with the impression that all they have to do to protect themselves and their devices is to reboot their phone once a day. If you’re reading 9to5Mac, chances are you know that’s not actually true.

Apple has a robust set of features built right into iOS that can help everyday iPhone users protect themselves and their data. Taking advantage of these features – many of which are on by default – is the best way for iPhone users to safeguard their data. This ranges from things like Face ID to protections in Safari, location sharing, App Store rules, two-factor authentication, and much more. iMessage, for instance, offers incredibly robust protection for users thanks to its use of end-to-end encryption.

My take is this: iPhone users can ignore the “advice” offered by Australia’s prime minister. Instead, spend some time reviewing Apple’s built-in tools for privacy and security. One of the most crucial things in my opinion is using a strong and unique password for every website, app, and service you log into. Better yet, if that website offers passkey support, use that instead.

Another key is to make sure you’re always running the latest version of iOS on your iPhone. Apple regularly releases new versions of iOS with important security fixes and other improvements. This is true even for older iPhones that are still running iOS 15, for which Apple just recently released iOS 15.7.7 with security fixes.

For those keeping track at home, iOS 15 is supported all the way back to the iPhone 6S, which was released in 2015. That’s an impressive eight years of firmware updates and security fixes.

Finally, as Troy Hunt succinctly points out on Twitter: “The nastiest stuff the masses are likely to experience is apps requesting excessive permissions. Turning your phone off while you brush your teeth doesn’t fix that. Being selective of apps you install and the permissions you allow is the fix.”


Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
