Explained: What are zero-click attacks, and how do you get the better of them?

Source: Indian Express

 What is the News?

Pegasus spyware has evolved from its earlier spear-phishing methods using text links or messages to ‘zero-click’ attacks which do not require any action from the phone’s user. It is the worrying aspect of spyware.

About Zero-click Attack:
  • A Zero-Click attack helps spyware like Pegasus gain control over a device without human interaction or human error.
  • So all awareness about how to avoid a phishing attack or which links not to click is pointless if the target is the system itself.
  • Most of these attacks exploit software that receives data even before it can determine whether what is coming in is trustworthy or not, like an email client.
Difference between Zero Click Attacks and Spear Phishing:
  • Zero-click attacks occur only when an attacker is able to take over a device remotely after successfully exploiting vulnerabilities in the software and hardware of the phone.
  • On the other hand, spear phishing is a social engineering attack where a hacker sends a fraudulent message which is designed to trick a victim into revealing confidential information or infect their device with malicious software.
Can zero-click attacks be prevented?
  • Zero-click attacks are hard to detect given their nature and hence even harder to prevent. Detection becomes even harder in encrypted environments, where there is no visibility on the data packets being sent or received.
  • One of the things users can do is to ensure all operating systems and software are up-to-date so that they would have the patches for at least vulnerabilities that have been spotted.
Print Friendly and PDF