37pc of Organizations Impacted by Cryptomining over Past Year

Check Point Software Technologies Ltd has published the first instalment of its 2019 Security Report.  The report highlights the main tactics cyber-criminals are using to attack organizations worldwide across all industries, and gives cyber security professionals and C-Level executives the information they need to protect their organizations from today’s fifth-generation cyber-attacks and threats.

The first instalment of the 2019 Security Report reveals the key malware trends and techniques observed by Check Point researchers during the past year. Highlights include:

* Cryptominers dominated the malware landscape:  Cryptominers occupied the top four most prevalent malware types and impacted 37 percent of organizations globally in 2018. Despite a fall in the value of all cryptocurrencies, 20 percent of companies continue to be hit by cryptomining attacks every week.  Cryptominers have also highly evolved recently to exploit high profile vulnerabilities and to evade sandboxes and security products in order to expand their infection rates.

* Mobiles are a moving target:  33 percent of organizations worldwide were hit by mobile malware, with the leading three malware types targeting the Android OS. 2018 saw several cases where mobile malware was pre-installed on devices, and apps available from app stores that were actually malware in disguise.

* Multi-purpose botnets launch range of attacks:  Bots were the third most common malware type, with 18 percent of organizations hit by bots which are used to launch DDoS attacks and spread other malware. Bot infections were instrumental in nearly half (49 percent) of organizations experiencing a DDoS attack in 2018.

* Ransomware attacks in decline: 2018 saw ransomware usage fall sharply, impacting just 4 percent of organizations globally.

“From the meteoric rise in cryptomining to massive data breaches and DDoS attacks, there was no shortage of cyber-disruption caused to global organizations over the past year. Threat actors have a wide range of options available to target and extract revenues from organizations in any sector, and the first instalment of the 2019 Security Report highlights the increasingly stealthy approaches they are currently using,” said Peter Alexander, chief marketing officer of Check Point Software Technologies.  

“These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent, and organizations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.  The 2019 Security Report offers knowledge, insights and recommendations on how to prevent these attacks.”

via bwcio

Read more »

Malware Campaign Targeting Jaxx Wallet Holders Shut Down

A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.

A malware campaign targeted Jaxx cryptocurrency wallet holders through a website spoofed to mimic the legitimate Jaxx site, researchers at Flashpoint reported this week. The fraudulent site has since been taken down.

Jaxx was created by Ethereum cofounder and Decentral founder Anthony Di Iorio, who built the wallet in 2015 to help people manage digital assets. It has been downloaded more than 1.2 million times on desktop and mobile, the company reported in March. Its latest version, Jaxx Liberty supports more than a dozen cryptocurrencies, including Bitcoin and Ethereum.

Earlier this month, Flashpoint notified both Jaxx and the Cloudflare content delivery network of a spoofed site designed to mimic Jaxx's, created on Aug. 19. The site had a URL similar to the legitimate Jaxx[.]io and included line-by-line copy taken from the actual site, with modifications made to the download links to redirect visitors to a server controlled by attackers.

Researchers point out this campaign is built on social engineering and not a vulnerability in the Jaxx mobile app, website, or any domains owned by Decentral. The fraudulent Jaxx site packed several custom and commodity strains of malware developed to empty users' wallets.

"It's unclear how the attackers were luring victims to the spoofed Jaxx site, whether they were relying on poisoned search engine results, phishing via email or chat applications, or other means to infect victims," researchers report in a post on their findings.

Malware Skips Mobile, Goes to Desktop

This campaign was strictly focused on desktop victims, researchers report. Mobile users who clicked "download" on the malicious site were redirected to the legitimate Jaxx site, uninfected.

Windows and Mac OS X users, however, weren't quite as lucky. Visitors to the fake website would likely believe they were on the real one, as attackers installed the legitimate software onto victims' computers while malware was simultaneously installed in the background.

Mac users who clicked bad links received a custom malicious Java Archive (JAR) file, which was programmed in PHP and compiled using DevelNext, a Russian-language IDE. It seems the malware was developed specifically for this campaign; Jaxx branding is throughout the code.

If the JAR was executed it displayed a message in both Russian and English stating the user was temporarily blocked from creating a new wallet. They were rerouted to a "Pair/Restore Wallet" option, which prompted them for their Jaxx backup wallet phrase, a password used to decrypt wallets so threat actors could pilfer digital currency from the target's account. The victim's backup phrase went to the attackers' server, and they saw another error message.

The Windows link downloaded a custom-written .NET application, which contained both malicious behavior and two additional malware samples. This behavior included exfiltrating all the victim's desktop files to a command-and-control server, and the malware samples were KPOT Stealer and Clipper, both marketed on underground Russian-language cybercrime sites.

Victims who clicked the link downloaded a Zip archive from a Google Docs URL. The malicious .NET binary, like the JAR for OS X, was built for this campaign. Malware contacted the command-and-control server where the target's files were uploaded, while the fake application downloaded three executables from URLs: the Liberty Beta installer, KPOT, and Clipper.

KPOT is designed to steal information from the local hard drive; Clipper scans the clipboard for digital wallet addresses. Once it detects an address, it swaps it out for a different address under the attackers' control. If an address is changed in the clipboard, victims may not notice the recipient has changed when they copy-and-paste addresses to send payments.

via darkreading

Read more »

Malware Attacks Exploit Open Source MDM Software to Compromise iPhones and Apps

Thirteen iPhone users in India fell victim to malware attacks that exploited open source mobile device management (MDM) software to break into corporate devices.

In July 2018, security researchers from Cisco’s Talos security division discovered a campaign that has been running since 2015, using at least five applications. Two of these apps conducted phony tests on the devices, while others sent SMS messages back to the attackers and extracted location data and other information.

Why MDM Deployments May Be at Risk

The attackers were able to change passwords, revoke certificates and replace apps like WhatsApp and Telegram with malicious versions either by gaining physical access to the iPhones or by using social-engineering tactics.

These attacks come at a time when large enterprises are working harder than ever to provide a safe way for employees to access corporate networks via their mobile devices. Most organizations use MDM tools to do just that, but the threat actors behind the malware attacks exploited these systems to trick users into accepting malicious certificates.

Similar to opening a phishing email, this essentially gave remote management access to the attackers. While the researchers reported no immediate financial repercussions, they noted that switching out various mobile apps would enable cybercriminals to gather priority data from users or their employer.

Establish Security Policies to Limit Malware Attacks

While some data may be stored locally on a mobile device, IBM Security experts emphasize that security professionals can limit the impact of these malware attacks by establishing strong security policies to lock down access to the corporate network. According to a January 2018 IBM white paper, such policies could include setting up specific windows of availability for certain applications and data, as well as a passcode to protect the MDM app itself.

Read more »

What Is Smishing?

Cybercriminals have created various methods to trick people into downloading viruses or malware onto their laptops, tablets, and smartphones.

The latest form is smishing, another tool used by cybercriminals to obtain personally identifiable information and steal identities by infecting your smartphone through texts or an SMS message. The software’s malicious intent comes in the form of viruses, ransomware, spyware or adware.

The term “smishing” is a mashup of SMS (short message service) and phishing, which is when fraudsters utilize malware by sending emails which mimic a trustworthy source such as credit card company, financial institution or retailer. Unsuspecting consumers mistakenly open the email and click on the links, allowing the malware to be activated.

When people click on the links, the fraudsters can trick them into sharing their password, credit card numbers or other personally identifiable information such as Social Security numbers.

Now growing in popularity, fraudsters often deploy smishing because too many people are unaware of this new type of fraud and trust text messages more than the emails they receive.

The fraudsters are following a similar strategy when it comes to phishing and rely on social engineering to get more people to give out their personal information. The smisher wants to obtain passwords, credit card information or your Social Security number to sell them on the darknet, a.k.a. the dark web.

If fraudsters are able to obtain your personal information, they can steal your identity and apply for credit cards and loans while pretending to be you, which can greatly affect your credit score.

Some smishers have deployed a tactic of telling people that if they fail to click on the link and provide their personal information, the company they’re pretending to be will start charging daily for the service. These fraudsters will attempt to fool you into thinking they are a legitimate source you would normally use or trust.

Ignore all messages that seem bizarre or are from companies where you did not sign up for text alerts.

How to Prevent Smishing

These two words will help you avoid smishing attacks: Delete and block.

Just like emails, don’t reply to texts to people who are not in your address book. There are too many incidences of fraud and the headaches of identity theft are not worth it.

When a text message or SMS comes from a number such as “8000” and does not resemble a standard phone number, skip them. Those are simply emails that are sent to a smartphone.

As more and more people share links from articles, videos or social media, it is easy to just click on a link. Skip the ones from people you do not know. If the link looks suspicious or out of character to be coming from that particular friend, ask them if they sent it.

Protecting Yourself From Identity Theft

If you communicate through your mobile device frequently or use it to watch videos or movies, consider adding a VPN to your phone. A VPN is virtual private network and prevents fraudsters from seeing your activity on the Internet.

VPNs can be used on a person’s mobile device, laptop or computer and is useful when you are accessing the Internet from a public network at an airport, retailer or hotel.

The risk of using public WiFi is high because criminals routinely intercept people’s sensitive and personal data as they are paying bills or shopping. The public networks are being watched by hackers so they can steal passwords and identities and install malware.

Adding a VPN will shield both your activity and personally identifiable information. While some VPNs are free, others can be purchased, but people should conduct due diligence before downloading one.

Since smishing is occurring more frequently, it is good practice to check your credit report on a regular basis to see if a fraudster tried to open a new credit card or another account in your name. Consumers can obtain one free credit report from Experian, Equifax and Transunion every 12 months at AnnualCreditReport.com. You can also get a free copy of your Experian credit report and dispute anything inaccurate on it here on Experian.com.

Read more »

Millions of Android devices forced to mine Monero for crooks

No device is safe from criminals looking to make it stealthily mine cryptocurrency for them. However weak its processing power is, it still costs them nothing.

With that in mind, forced crypto mining attacks have also begun hitting mobile phones and tablets en masse, either via Trojanized apps or redirects and pop-unders.

An example of the latter approach has been recently documented by Malwarebytes’ researchers.

The attack

“In a campaign we first observed in late January, but which appears to have started at least around November 2017, millions of mobile users (we believe Android devices are targeted) have been redirected to a specifically designed page performing in-browser crypto mining,” the researchers shared.

The number might be even higher than that, as they believe that some of the browser-hijacking domains remain undetected for now.

The attack goes like this: users are redirected via malvertising chains to malicious websites. In this particular campaign, Internet Explorer and Chrome users were directed to sites serving tech support scams, but Android users were delivered to a crypto mining page:

Interestingly enough, the page says that the browser will mine cryptocurrency until the user proves that he or she is human by solving a CAPTCHA. But the warning and the test are bogus – they are just a way to make the forced mining acquire a whiff of legitimacy.

How widespread and effective is this scheme?

The researchers identified several identical domains all using the same CAPTCHA code but using different Coinhive site keys in the mining script.

Two of these domains have received over 66 millions of visitors since November 2017, and they estimate that the traffic combined from the five domains they identified so far equals to about 800,000 visits per day, with an average time of four minutes spent on the mining page.

How much Monero could this operation yield, you wonder? It’s difficult to say, exactly.

“Because of the low hash rate and the limited time spent mining, we estimate this scheme is probably only netting a few thousand dollars each month. However, as cryptocurrencies continue to gain value, this amount could easily be multiplied a few times over,” the researchers noted.

They also pointed out that, while these devices are less powerful than desktop computers, there is also a much greater number of them out there. Add to this the fact that many users don’t bother installing security apps on their smartphones and tablets, and you have a recipe for low-effort, long-term and widespread stealthy crypto-mining.

Advice for users

“While Android users may be redirected from regular browsing, we believe that infected apps containing ad modules are loading similar chains leading to this crypto mining page. It’s possible that this particular campaign is going after low-quality traffic—but not necessarily bots —and rather than serving typical ads that might be wasted, they chose to make a profit using a browser-based Monero miner,” the researchers said.

If you’re an Android user and you’ve started seeing these bogus pages on the regular, chances are one of the apps you recently downloaded is the culprit. Uninstalling it should fix the problem unless it has some kind of persistence mechanism.

In general, it is a good idea to install a reputed security solution on your device to check for malicious code and behavior each and every app you download and install.

Read more »

5 mobile security threats you should take seriously in 2018

IDGNS

Mobile security is at the top of every company's worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is $21,155 per day, according to a 2016 report by the Ponemon Institute.

While it's easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. That's thanks to both the nature of mobile malware and the inherent protections built into mobile operating systems.

The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing in the coming year:

1. Data leakage

It may sound like a diagnosis from the robot urologist, but data leakage is widely seen as being one of the most worrisome threats to enterprise security as we head into 2018. What makes the issue especially vexing is that it often isn't nefarious by nature; rather, it's a matter of users inadvertently making ill-advised decisions about which apps are able to see and transfer their information.

"The main challenge is how to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users," says Dionisio Zumerle, research director for mobile security at Gartner. He suggests turning to mobile threat defense (MTD) solutions — products like Symantec's Endpoint Protection Mobile, CheckPoint's SandBlast Mobile, and Zimperium's zIPS Protection. Such utilities scan apps for "leaky behavior," Zumerle says, and can automate the blocking of problematic processes.

Of course, even that won't always cover leakage that happens as a result of overt user error — something as simple as transferring company files onto a public cloud storage service, pasting confidential info in the wrong place, or forwarding an email to an unintended recipient. That's a challenge the healthcare industry is currently struggling to overcome: According to specialist insurance provider Beazley, "unintended disclosure" was responsible for a full 41 percent of data breaches reported by healthcare organizations in the first three quarters of 2017 — more than double the next highest cause.

For that type of leakage, data loss prevention (DLP) tools may be the most effective form of protection. Such software is designed explicitly to prevent the exposure of sensitive information, including in accidental scenarios.

2. Social engineering

The tried-and-true tactic of trickery is just as troubling on the mobile front as it is on desktops. Despite the ease with which one would think social engineeringcons could be avoided, they remain astonishingly effective.

A staggering 90 percent of data breaches observed by Verizon's Enterprise Solutions division are the result of phishing, according to the company's 2017 Data Breach Investigations Report. While only 7 percent of users fall for phishing attempts, Verizon says, those gullible guys and gals tend to be repeat offenders: The company estimates that in a typical organization, 15 percent of users who are successfully phished will be phished at least one more time within the same year.

What's more, numerous bits of research suggest users are more vulnerable to phishing from mobile devices than desktops — by as much as three times, according to an IBM study, in part because a phone is where people are most likely to first see a message. "We do see a general rise in mobile susceptibility driven by increases in mobile computing overall [and] the continued growth of BYOD work environments," says John "Lex" Robinson, information security and anti-phishing strategist at PhishMe — a firm that uses real-world simulations to train workers on recognizing and responding to phishing attempts.

Robinson notes that the line between work and personal computing is also continuing to blur. More and more workers are viewing multiple inboxes — connected to a combination of work and personal accounts — together on a smartphone, he notes, and almost everyone conducts some sort of personal business online during the workday. Consequently, the notion of receiving what appears to be a personal email alongside work-related messages doesn't seem at all unusual on the surface, even if it may in fact be a ruse.

3. Wi-Fi interference

A mobile device is only as secure as the network through which it's transmitting data. In an era where we're all constantly connecting to public Wi-Fi networks, that means our info often isn't as secure as we might assume.

Just how significant of a concern is this? According to new research being released by enterprise security firm Wandera this week, corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. Nearly a quarter of devices have connected to open and potentially insecure Wi-Fi networks, and 4 percent of devices have encountered a man-in-the-middle attack — in which someone maliciously intercepts communication between two parties — within the most recent month.

"These days, it's not difficult to encrypt traffic," says Kevin Du, a computer science professor at Syracuse University who specializes in smartphone security. "If you don't have a VPN, you're leaving a lot of doors on your perimeters open."

Selecting the right enterprise-class VPN, however, isn't so easy. As with most security-related considerations, a tradeoff is almost always required. "The delivery of VPNs needs to be smarter with mobile devices, as minimizing the consumption of resources — mainly battery —  is paramount," Gartner's Zumerle points out. An effective VPN should know to activate only when absolutely necessary, he says, not when a user is accessing a news site, for instance, or when a user is working within an app that's known to be trustworthy and secure.

4. Out-of-date devices

Smartphones, tablets and smaller connected devices — commonly known as the internet of things (IoT) — pose a new risk to enterprise security in that unlike traditional work devices, they generally don't come with guarantees of timely and ongoing software updates. This is true particularly on the Android front, where the vast majority of manufacturers are embarrassingly ineffective at keeping their products up to date — both with operating system (OS) updates and the smaller monthly security patches between them — as well as with IoT devices, many of which aren't even designed to get updates in the first place.

"Many of them don't even have a patching mechanism built in, and that's becoming more and more of a threat these days," Du says.

Again, a strong policy goes a long way. There are Android devices that do receive timely and reliable ongoing updates. Until the IoT landscape becomes less of a wild west, it falls upon a company to create its own security net around them.

5. Physical device breaches

Last but not least is something that seems silly but remains a disturbingly realistic threat: A lost or unattended device can be a major security risk, especially if it doesn't have a strong PIN or password and full data encryption.

Consider the following: In a 2016 Ponemon Institute study, 35 percent of professionals indicated their work devices had no mandated measures in place to secure accessible corporate data. Worse yet, nearly half of those surveyed said they had no password, PIN, or biometric security guarding their devices — and about two-thirds said they didn't use encryption. Sixty-eight percent of respondents indicated they sometimes shared passwords across personal and work accounts accessed via their mobile devices.

The take-home message is simple: Leaving the responsibility in users' hands isn't enough. Don't make assumptions; make policies. You'll thank yourself later.

via CSO

Read more »

The best mobile threat defense is mobile threat

It’s time to add MTD to your Enterprise Mobile Management toolkit. Because it’s better to get ahead of mobile threats than it is to try and clean them up after you’ve been attacked

As enterprises push ahead with mobile-first strategies – and employee smartphones and tablets increasingly become business tools – the importance of mobile threat defense (MTD) is growing.

Using mobile threat detection and defense, however, is no small task; the technology must cover applications, networks and device-level threats to iOS and Android phones and tablets to be effective.

"We talk about mobile threat defense, rather than detection – the reason being these solutions not only detect, but also can prevent and remediate threats," said Dionisio Zumerle, research director for mobile security at Gartner.

[ Further reading: What is EMM? Enterprise Mobility Management explained ]

The MTD market is growing in terms of adoption, and has started to attract attention from endpoint protection platform (EPP) vendors and in other related markets, according to a recent report from Gartner.

By 2019, mobile malware will amount to one-third of total malware reported in standard tests, up sharply from 7.5% of malware today, according to Gartner's Market Guide for Mobile Threat Defense Solutions. By 2020, 30% of organizations will have MTD in place, up from the less than 10% who have it in place this year.

There is still a lot of confusion and uncertainty from end users regarding which risks MTD addresses and how urgent or useful it can be, Gartner said.

Mobile application "reputation solutions," which are used to perform app vetting, are converging with MTD in a single solution.

Machine learning plays a crucial role in threat detection

Additionally, machine learning has emerged as a foundational technology in mobile threat detection, even though it has only been around for a few years.

MTD and machine learning employs on-device software and crowdsourced threat intelligence and behavioral anomaly detection.

Machine learning, simply put, allows computers to develop more sophisticated behavior, such as pattern recognition, without being specifically programmed for it. The idea behind machine learning in MTD is for the software to sit in the background and monitor application and user behavior and identify anomalous behavior.

"By observing how devices behave, you can determine what is normal and what is abnormal behavior, and what might lead to a malicious action," Zumerle said. "Machine learning is one of the ways to speed this process up. Crowdsourcing is another component."

For example, if you have 1,000 iOS devices on iOS 11.1 and most of them have very similar types of firmware, but one of them diverges significantly from that norm, chances are there is a modified library; that modification is abnormal – and it might be done for malicious purposes, Zumerle said.

Malware is harder to find

The ability to monitor user and application behaviors is needed more than in the past. While malware has always been disguised as legitimate apps, it's harder to find now, according Jack Gold, principal analyst at J. Gold Associates, a mobile research firm. How you establish what is anomalous behavior is the hard part.

"Before, you could do a scan of the binary and find patterns that didn't match what they were supposed to do and detect it. Now, malware is often much more subtle and harder to find with a scan," Gold said. "You need to find the behavior of the app."

For instance, developers can build fake apps that pose as legitimate ones, say from Amazon, that will divert an end user to a site that can then steal the sensitive data they enter while attempting to make a purchase.

"How could you find that with a simple scan?" Gold said.

Another example are phishing attacks, which can't be detected through a scan either.

"So, behavior, both by the app and the person, is key to finding bad things happening, and [machine learning and artificial intelligence] are pretty good at that detection if properly trained," Gold said.

But it's a tug of war, Gold added, as the malware and anti-malware developers continue to get better.

"There's no 100% solution," he said, adding that enterprises hoping to thwart mobile threats need multiple levels of defense.

MTD vendors and guidelines

Among the industry's leading providers of MTD solutions are CheckPoint's SandBlast Mobile, Lookout's Mobile Endpoint Security, Proofpoint's Mobile Defense, Pradeo's Mobile Threat Defense, Symantec's Endpoint Protection Mobile, Wandera's Threat Defense, and Zimperium's zIPS Protection.

Gartner recommends several steps for adopting MTD solutions:

• Introduce MTD solutions gradually, depending on industry, applicable regulations, the sensitivity of data on mobile devices, specific use cases and organizational risk appetite. Policy enforcement will not be enough indefinitely as a security intervention.
• Adopt MTD sooner in high-security verticals, with large Android device fleets, or in regulated verticals, such as finance and healthcare.
• Integrate MTD with enterprise mobility management (EMM) tools. Network traffic proxying deployment options should be selected only where bring-your-own-device (BYOD) is not a factor, and where strict device management is applied.

Many of the MTD products are compatible with some or all EMM and MAM vendor solutions, including AirWatch, Blackberry, Microsoft, MobileIron, IBM and SOTI.

MTD solutions should not only be able to detect anomalous behavior by tracking expected or acceptable behavioral patterns, it should also be able to inspect mobile devices for configuration weaknesses that could open doors to malware.

The software should be able to monitor network traffic, cutting off suspicious connections as well as scanning applications to identify those that could place enterprise data at risk.

One frustration some enterprises have voiced with machine learning-based mobile security software are false positives, or legitimate apps or user behavior that's flagged as threats when they're not.

"It's a problem with all malware detection, not just mobile. I've downloaded apps I knew were good, but Symantec's software will pop up and say they're bad," Gold said.

MTD, however, is not dependent on machine learning, Zumerle pointed out. There are many simpler things an MTD option can do that may prove more tangible and beneficial to an enterprise right away.

"For example, a dashboard that can simply flag unpatched devices and order them in order of risk," Zumerle said. "Or a policy where an organization can blacklist all applications that, say, send the contact list to third parties outside the user's home country.

"In a nutshell, MTD solutions should be all-around mobile security solutions for enterprises."

Related: 

Senior Reporter Lucas Mearian covers enterprise mobile issues, including mobility management, security, hardware and apps, and enterprise collaboration technology.

via computerworld

Read more »

10 Tips to Freshen up Your Old iPhone Instead of Buying the iPhone X

With the release of the iPhone 8 and iPhone X, a lot of tech nerds, collectors and Apple cultists are upgrading ASAP. Whether they’re interested in the iPhone X’s edge-to-edge display, the iPhone 8’s snappy new a11 chip or simply to enjoy the tingling feeling they’ll get when someone sees they have the latest and greatest from Apple, they’re making sure they’re the first to get their hands on it. Ain’t nothin’ wrong with any of that.

But not everyone will be looking to upgrade. Some critics don’t see a large enough difference between the 7 and 8 to care, and others don’t see the justification of dropping a thousand buckaroos to cop the X. Trust me, I get it.

Just because you’re not looking to make the leap and upgrade yet doesn’t mean your current phone is trash. In fact, there’s a lot you could be doing to make sure you’re squeezing every ounce of sauce out of your old iPhone.

1. Disable Push Notifications

Power Clean

When you get push notifications delivered to your phone — from apps, game updates, the stock market, news, weather, emails, etc. — it makes your phone light up. It might not sound like that big a deal, but every email, every text message, every snap, every fucking Groupon deal (seriously Groupon, cut the shit), means energy is getting drained from your battery — even when you’re not using it.

If you go to Settings > Notifications, you can control exactly which apps have the ability to send you push notifications. Turn off the non-essentials, and keep as much of your battery life as possible.

2. Take a Look at Your Hard Drive Space

Your apps use a lot of space on your phone. And the “bulkier” and more bloated those apps become, they not only take up more physical storage on your hard drive, but they also take up more RAM and gum everything up. Some podcast apps save entire podcasts, even after you’re finished listening to them. Photo apps like Instagram will save duplicate photos to your Camera Roll, even if you don’t post the photo. Even Tinder takes increasingly more hard drive space with every match you get and conversation you start. Don’t even get me started on those bloated-ass games we all play for a week and then forget about. Of course, every single text message you send and receive is also stored on your iPhone’s hard drive.

All that crap takes up hard drive space and processing power that’s slowing your phone down and it’s all worth having a look at — and, potentially, deleting. Settings>General>iPhone Storage.

3. Disable Unnecessary Location Services

One of the coolest (and creepiest) features of your iPhone (and most smart phones, these days) is that it is always keeping tabs on where you are. Whether it’s to use the phone’s Find My Phone or Compass features, or whether it’s to grab a Lyft home from the bar, your phone always knows where you are. The problem is that certain apps request access to your location even when they’re not in direct use, and the more apps you have doing that at the same time, the more battery you’re going to use.

If you go to Settings > Privacy > Location Services, you can turn Location Services off completely, or you can go through each individual app on your phone and decide whether or not you want it to have access to your location. Some apps, like Uber, require users to have location services on at all times (regardless of whether they’re looking for a ride), while others, like Lyft, only require users’ locations when they’re actually using the app.

4. Give It a Makeover

Most of the stuff listed here are easy things you could do to make your older iPhone run and operate like new again, so I wanted to include at least one little bit about what you can do to make it appear different. The obvious answer is to buy a new case. Even though the 8 and X are out hogging the spotlight, developers are still putting out some pretty wild and creative cases for the older models. You can also fiddle with your background and lock images, give it a good cleaning, etc. Take pride in your stuff.

5. Turn off That Bullshit Background App Refresh

Your apps are always refreshing themselves in order to update the content in your respective feed. The idea is that when you launch them, you’re getting the most recent information. It sounds great in theory, but in practice, it means that some of these apps — Facebook, in particular — suck up a lot of battery in the background. If you notice your phone’s battery is getting weaker from prolonged use and charging periods (a side effect for every Lithium-ion battery, by the way), turning off Background App Refresh (Settings > General > Background App Refresh) will help ensure that apps are only consuming your precious battery life when you’re actually using them.

6. Close All Non-Essential Apps

This is an old one, but it’s still good as gold. If you were to look at how many apps are open on your phone right now, I bet you’d be shocked and perhaps even a little horrified at what you’d find. I did it just for the sake of proving my own point just now and found 42 apps open. Forty-fucking-two. Every single one of those apps is running in the background, sucking up tons of valuable battery life. Double tap Home to bring up the multi-tasking view, and then just swipe up on every app you want to exit. It’s that simple.

7. Lower Your Brightness

Apple iOS

Of course, there’s always the old “lower your brightness” trick. If you’re trying to conserve as much battery as possible, there’s absolutely zero reason to keep your screen brightness maxed out. The simple answer is: be smart. If you’re editing photos or reading an article, obviously up the brightness. But, when you’re done and don’t really need to use your home screen as a flashlight, toggle it down a bit. I keep my brightness at around 25% and I’ve never had a single problem with it.

8. Clear Your Safari Cache

Your Safari browser stores every single pieces of information you access from your phone on your phone’s hard drive. On one obvious end of the spectrum it’s convenient because pages will sometimes load faster, logins to your favorite sites are saved and your overall experience is generally pretty smooth. But when your phone gets to a point where it’s simply storing too much web data, it can make it things run sluggishly — particularly while web browsing. Sometimes you have to clear your history and free up the pipes a little bit. You can do that by going to Settings > Safari > Clear History and Website Data. You’ll have to log back into all your favorite sites, but you’ll see an immediate difference.

9. Give It a Soft Reset

I’ll be the first person to tell you that technology can be a big pain in the ass a lot of the time. While we’re seeing new advancements every day, nothing is perfect — including the iPhone. Sometimes your phone will get caught up; certain apps won’t work right, things get buggy, apps stop responding completely, text functions don’t work, etc. Anything could go wrong at any time. If your iPhone is acting up and giving you grief, a soft reset will usually do the trick.

All you have to do is hold down the home and sleep buttonssimultaneously until the white Apple logo appears. It won’t delete any of your data and won’t revert back to factory settings, but it will completely reboot the phone, close out all apps and fire back up with a clean slate. A lot of the time, it’s exactly what the doctor ordered.

10. There’s an App for That

Power Clean

Of course, if all of that stuff sounds too good to be true (or too difficult for the not-so-technologically savvy out there), there are a ton of apps to help you get the most out of your phone. Apps like Power Clean-Remove, Battery Doctor and Battery Saver are just a few of the most popular apps out there.

via complex

Read more »