What is a Zero Click Attack?

A zero-click attack takes advantage of vulnerabilities in software to carry out an attack without user interaction. By exploiting such a vulnerability, an attacker can install malware or perform other malicious actions on a user’s device without the target needing to click on a link, open a malicious file, or take any other action.

How Does It Work?

Most methods of remotely exploiting a device use phishing or other social engineering tactics to trick a user into clicking on a malicious link or opening an infected file. This action runs malicious code, enabling malware to be installed on the device.

A zero-click exploit is designed to work without user interaction, which means that it needs to achieve code execution on its own. Most zero-click exploits are designed to take advantage of vulnerabilities in applications that accept and process untrusted data. Common examples include SMS and other messaging platforms, email apps, and phone apps.

These applications accept data from an untrusted source and process it before presenting it to the user. If this data processing code contains an unpatched vulnerability, then a carefully crafted message could exploit this vulnerability, allowing the malicious message or phone call to run malicious code on the device.

Receiving an email, receiving an SMS, and similar actions don’t require user interaction; smartphones display notifications based on the contents of an SMS or other message before the user decides to open and read it. A well-crafted malicious message can install malware, delete itself, and suppress notifications to give the user no indication that the attack has occurred.
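As an added illustration (not code from Check Point or any real messaging app), the C example below shows the kind of pre-display message parsing described above, with the bounds checks whose absence is what a crafted message would exploit. The record format, the field types, and the name build_preview are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire format (an assumption, not a real protocol):
 * repeated records of [type:1][length:2 big-endian][value:length]. */
enum { FIELD_SENDER = 0x01, FIELD_BODY = 0x02 };

/* Build the notification preview from an untrusted message.
 * Returns 0 on success, -1 if malformed (ignore out in that case). */
int build_preview(const uint8_t *msg, size_t msg_len, char *out, size_t out_cap)
{
    size_t pos = 0;
    int found = 0;

    if (msg == NULL || out == NULL || out_cap == 0)
        return -1;
    out[0] = '\0';

    while (pos < msg_len) {
        /* Check 1: the 3-byte record header must fit in what is left. */
        if (msg_len - pos < 3)
            return -1;
        uint8_t type = msg[pos];
        size_t len = ((size_t)msg[pos + 1] << 8) | msg[pos + 2];
        pos += 3;

        /* Check 2: never trust the sender-declared length; compare it
         * with the bytes actually received (avoids pos + len overflow). */
        if (len > msg_len - pos)
            return -1;

        if (type == FIELD_BODY && !found) {
            /* Check 3: bound the copy by the destination, not the input. */
            size_t n = len < out_cap - 1 ? len : out_cap - 1;
            memcpy(out, msg + pos, n);
            out[n] = '\0';
            found = 1;
        }
        pos += len; /* other record types are skipped, not interpreted */
    }
    return found ? 0 : -1;
}

/* Constructed samples: a well-formed message, and one whose length field
 * claims far more data than was actually sent. */
const uint8_t SAMPLE_OK[] = {0x01, 0x00, 0x02, 'A', 'l', 0x02, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
const uint8_t SAMPLE_BAD_LEN[] = {0x02, 0xFF, 0xFF, 'h', 'i'};
```

Each of the three checks runs before the user sees anything, which is why a parser that omits one of them can be reached without any click.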

The Threat

Zero-click exploits pose a significant threat to the security of smartphones and other devices because of their subtlety and high success rate. Traditional exploits require tricking a user into clicking on a malicious link or file, providing the target with an opportunity to detect and respond to the threat. Zero-click exploits may infect a device invisibly or only trigger a missed call notification from an unknown number.

Zero-click exploits are highly prized by all cyber threat actors, including advanced persistent threats (APTs) and nation-states. They are commonly used to deliver spyware that secretly collects information on persons of interest to a government or other group.

Types of Zero Click Exploits

Smartphones are the most common and widely known target of zero-click attacks. These devices use various communications apps, including SMS, phone, messaging, and social media apps. This provides a wide attack surface for attackers looking for an exploitable vulnerability.

Certain groups are well-known for identifying and weaponizing zero-click exploits. For example, the NSO Group has identified and created exploits for several zero-click vulnerabilities in iPhones and Android devices and the apps that run on them. These vulnerabilities are exploited to deliver the company’s Pegasus spyware, which is sold to governments for use in law enforcement, intelligence collection, and, in many cases, monitoring of journalists, activists, and other persons of interest.

While the NSO Group is the most well-known purveyor of spyware that exploits zero-click vulnerabilities, it is not the only group with this capability. The company has direct competitors, and other cyber threat actors have the ability to detect and weaponize these vulnerabilities as well.

How to Protect Yourself from Zero-Click Exploits

The entire purpose of zero-click exploits is to evade detection by the user. Since there is no need for user interaction, there is no opportunity for the target to identify the threat and refuse to fall for it. However, this does not mean that it is impossible to protect against these attacks. Instead of responding to an attack in progress, mitigating the threat of zero-click exploits requires proactive, preventative actions, such as:

  • Updating Apps and Devices: Zero-click exploits take advantage of unpatched vulnerabilities in device operating systems and applications. Keeping devices and apps up-to-date can reduce devices’ vulnerability to these attacks.
  • Installing Anti-Spyware and Anti-Malware Solutions: Zero-click exploits are commonly used to deploy spyware and other malware to devices. Using anti-spyware and anti-malware solutions that can detect and remediate these infections can mitigate the impact of a successful zero-click exploit.
  • Avoiding Unsafe Applications: Applications downloaded from third-party app stores or sideloaded onto a device are more likely to contain exploitable vulnerabilities. Only installing reputable apps from trusted app stores can minimize exploitability.

Zero Click Protection With Check Point

Zero-click attacks can pose a serious threat to the security of personal and professional devices. To learn more about these and other threats to mobile security, check out Check Point’s Mobile Security Report.

Check Point Harmony Endpoint provides protections against the effects of zero-click attacks, such as the installation of spyware and other malware on a device. Learn more about how Harmony Endpoint can protect against this and other endpoint security threats by signing up for a free demo.
