Comment by x1sec
2 years ago
In a week, a lot of data can be exfiltrated. Then after you have rebooted, the threat actor reinfects your device.
Frequently rebooting the device can’t hurt but it likely isn’t going to prevent a threat actor from achieving their objectives.
The best mitigation we have is to enable lockdown mode.
Why not both? Lockdown + frequent reboots.
How frequent?
Depends on usage and threat models? If one expects their device to be attacked immediately after a forced restart, SIM PIN can stop non-emergency usage of the cellular line, while Apple Configurator can restrict WiFi to a predefined SSID that captures device traffic for forensic analysis.