A zero-click attack – also known as an interactionless or fully remote attack – is a type of attack that gives an operator the ability to remotely install spyware on a targeted smartphone in real time without any interaction with the target.
A zero-click attack leverages certain classes of exploits affecting apps – typically those providing messaging or voice calling – that are designed to receive and parse data from untrusted sources. The greater the size and complexity of a communications platform, the more likely exploitable bugs will be found. Attackers generally use specially formed data, such as a hidden text message or image file, to inject code that compromises the device.
Unlike an attack that uses social engineering tactics (e.g., sending a text message containing a link that exploits a given browser’s vulnerabilities), a zero-click attack is invisible to the user, allowing the operator to spy without raising the victim’s suspicions or providing any clues that can be used to identify the perpetrator. A zero-click attack also has a higher probability of successful infection. For these reasons, such attacks have become the preferred method of nation-state hackers and spyware vendors.
Infection via zero-click attack can have the same dramatic consequences as any piece of spyware, including the theft of closely held information, harassment, blackmail and more. But because they enable operators to operate more stealthily and with fewer opportunities for getting caught, zero-click attacks effectively lower the risks of spying and thus give operators the freedom to expand their list of targets.
The frustrating reality for smartphone users is that other than keeping their device’s operating system up to date, there’s not a lot that can be done to avoid zero-click attacks. As such, we recommend that users act as if their smartphone has already been compromised. This means limiting the data ultimately available to spies. We recommend using SafeCase™ – our smartphone-coupled security device – to deny audio and video capture. And in instances where location privacy is warranted, we recommend using Vault™, our two-in-one RF shielding and audio masking device.