What is a Zero Click Attack?

A zero-click attack takes advantage of vulnerabilities in software to carry out an attack without user interaction. By exploiting such a vulnerability, an attacker can install malware or perform other malicious actions on a user’s device without the target needing to click on a link, open a malicious file, or take any other action.

How Does It Work?

Most methods of remotely exploiting a device use phishing or other social engineering tactics to trick a user into clicking on a malicious link or opening an infected file. This action runs malicious code, enabling malware to be installed on the device.

A zero-click exploit is designed to work without user interaction, which means that it needs to achieve code execution on its own. Most zero-click exploits are designed to take advantage of vulnerabilities in applications that accept and process untrusted data. Common examples include SMS and other messaging platforms, email apps, and phone apps.

These applications accept data from an untrusted source and process it before presenting it to the user. If this data processing code contains an unpatched vulnerability, then a carefully crafted message could exploit this vulnerability, allowing the malicious message or phone call to run malicious code on the device.

Receiving an email, receiving an SMS, and similar actions don’t require user interaction; smartphones display notifications based on the contents of an SMS or other message before the user decides to open and read it. A well-crafted malicious message can install malware, delete itself, and suppress notifications to give the user no indication that the attack has occurred.
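The check that the paragraphs above imply, as an added example (not code from Check Point or from any real messaging app): a notification-preview parser that treats the sender-supplied length field as untrusted. The wire format, `build_preview`, and the constants are assumptions made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (an assumption for this example, not a real protocol):
 *   byte 0 = type (0x01 text), bytes 1-2 = body length (big-endian), then body. */
#define PREVIEW_MAX 32 /* most body bytes ever shown in a notification */

enum parse_status { PARSE_OK, PARSE_TRUNCATED, PARSE_BAD_TYPE, PARSE_BAD_LENGTH };

/* Runs on receipt, before the user opens anything: every field is untrusted. */
enum parse_status build_preview(const uint8_t *msg, size_t msg_len,
                                char *preview, size_t preview_cap)
{
    if (msg == NULL || preview == NULL || preview_cap == 0)
        return PARSE_BAD_LENGTH;
    preview[0] = '\0';
    if (msg_len < 3)
        return PARSE_TRUNCATED;
    if (msg[0] != 0x01)
        return PARSE_BAD_TYPE;

    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    /* The sender chooses `claimed`. Without this comparison against the bytes
     * actually received, the copy below would read past the end of `msg`. */
    if (claimed > msg_len - 3)
        return PARSE_BAD_LENGTH;

    /* Clamp to the preview limit and to the destination buffer. */
    size_t n = claimed < PREVIEW_MAX ? claimed : PREVIEW_MAX;
    if (n > preview_cap - 1)
        n = preview_cap - 1;
    memcpy(preview, msg + 3, n);
    preview[n] = '\0';
    return PARSE_OK;
}

int main(void)
{
    /* Constructed samples: a well-formed message and one whose length field lies. */
    const uint8_t good[] = {0x01, 0x00, 0x02, 'h', 'i'};
    const uint8_t lying[] = {0x01, 0xFF, 0xFF, 'h', 'i'};
    char out[PREVIEW_MAX + 1];
    enum parse_status s = build_preview(good, sizeof good, out, sizeof out);
    printf("good:  status=%d preview=\"%s\"\n", s, out);
    s = build_preview(lying, sizeof lying, out, sizeof out);
    printf("lying: status=%d preview=\"%s\"\n", s, out);
    return 0;
}
```

A message whose length field exceeds the bytes received is rejected and leaves the preview empty, so nothing derived from it reaches the notification.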

The Threat

Zero-click exploits pose a significant threat to the security of smartphones and other devices because of their subtlety and high success rate. Traditional exploits require tricking a user into clicking on a malicious link or file, providing the target with an opportunity to detect and respond to the threat. Zero-click exploits may infect a device invisibly or only trigger a missed call notification from an unknown number.

Zero-click vulnerabilities are highly prized by all cyber threat actors, including advanced persistent threats (APTs) and nation-states. They are commonly used to deliver spyware that secretly collects information on persons of interest to a government or other group.

Types of Zero Click Exploits

Smartphones are the most common and widely known target of zero-click attacks. These devices use various communications apps, including SMS, phone, messaging, and social media apps. This provides a wide attack surface for attackers looking for an exploitable vulnerability.

Certain groups are well-known for identifying and weaponizing zero-click exploits. For example, the NSO Group has identified and created exploits for several zero-click vulnerabilities in iPhones and Android devices and the apps that run on them. These vulnerabilities are exploited to deliver the company’s Pegasus spyware, which is sold to governments for use in law enforcement, intelligence collection, and, in many cases, monitoring of journalists, activists, and other persons of interest.

While the NSO Group is the most well-known purveyor of spyware that exploits zero-click vulnerabilities, it is not the only group with this capability. The company has direct competitors, and other cyber threat actors have the ability to detect and weaponize these vulnerabilities as well.

How to Protect Yourself from Zero-Click Exploits

The entire purpose of zero-click exploits is to evade detection by the user. Since there is no need for user interaction, there is no opportunity for the target to identify the threat and refuse to fall for it. However, this does not mean that it is impossible to protect against these attacks. Instead of responding to an attack in progress, mitigating the threat of zero-click exploits requires proactive, preventative actions, such as:

  • Updating Apps and Devices: Zero-click exploits take advantage of unpatched vulnerabilities in device operating systems and applications. Keeping devices and apps up-to-date can reduce devices’ vulnerability to these attacks.
  • Installing Anti-Spyware and Anti-Malware Solutions: Zero-click exploits are commonly used to deploy spyware and other malware to devices. Using anti-spyware and anti-malware solutions that can detect and remediate these infections can mitigate the impact of a successful zero-click exploit.
  • Avoiding Unsafe Applications: Applications downloaded from third-party app stores or sideloaded onto a device are more likely to contain exploitable vulnerabilities. Only installing reputable apps from trusted app stores can minimize exploitability.

Zero Click Protection With Check Point

Zero-click attacks can pose a serious threat to the security of personal and professional devices by installing spyware and other malware on a device.

Check Point can help to protect against and triage these types of attacks. Check Point Harmony Mobile offers multi-layer protection capable of identifying and blocking infections by this sophisticated malware.

Some key capabilities include:

  • Identify OS versions vulnerable to Pegasus exploits.
  • Alert if a device is jailbroken, which spyware commonly does to gain access to sensitive data.
  • Block attempted communications between spyware and command and control (C2) servers.
  • Alert on attempted sideloading of apps from unofficial app stores and block sideloading on Samsung devices using Samsung Knox Agent.
  • Block malicious PDFs and GIFs used in recent Pegasus attacks with file protection.

Even if your mobile is protected now or has been checked and found to be clean from spyware, you might have been exposed in the past, and data might have been stolen. If you have concerns about past attacks against your mobile device, Check Point can check it for you for free.

This sophisticated malware is well known for its volatility and its ability to get in and out without being noticed. This means that your mobile device, or any of your employees’ devices, might have been compromised without you knowing, and sensitive information that you’ve considered to be safely stowed away may have leaked.

For this reason, Check Point experts developed a tool that can detect and recognize the past presence of this nation-state spyware on mobile devices. Our Mobile specialists would be happy to assist you, run a spyware check on your mobile devices, and provide a full report of the findings free of charge. Sign up for a free mobile spyware check today.
