Let’s tell you what is zero click attack typeused by spy applications such as Pegasus. We will all remember that in 2021 The phones of Pedro Sánchez and the Minister of Defense were infected by this malware espionage or Spywareand to do so this technique was used.
The zero-click technique in Pegasus was first documented by Citizen Lab in a 2016 reportand it is worth knowing it for its sophistication. Basically, it is a method of infecting devices in which the victim does not need to do anything or touch any link.
What is the zero click attack
The Zero Click This is what we call an exploit.a trick that exploits a security flaw in operating systems or web pages to do something that you should not be able to do. In this case, what we should not be able to do is install spyware on the mobile phone without the victim knowing.
To spy on another person’s cell phone you have to install a spy program, and the most common method to do this is through hacking attacks. phishing: The victim is sent a fake email or message with a link on which, when clicked, the spyware is downloaded. Come on, an interaction is needed on the part of the victim.
However, zero-click exploits are designed to function without interaction of the user. This means that they are methods so that a victim’s mobile phone can execute code on its own.
This is a very sophisticated type of attack, subtle, and with a high success rate, since we will not realize that it is happening. Thus, your device becomes infected invisibly or by simply receiving a missed call notification from an unknown number.
Zero click attacks They are not a virus or malware, but a technique through which these malwares can be installed. Therefore, your antivirus will not detect this attack, although it can detect the program installed on the mobile phone through it.
How the zero click exploit works
This type of exploit uses vulnerabilities within communication applications completely normal and legal that we carry on our mobile. For example, messaging applications, SMS or social networks.
What they do is take advantage failures in automatic processes of mobile phones or applications. For example, when you receive an SMS on your mobile, the application automatically processes it to send you a preview in the notifications, or a notification with the specific message.
What attackers do is use flaws that they have discovered but the companies responsible for mobile phones, operating systems or applications do not know about. To follow an example, if the messaging app has a flaw when processing images, PDFs or audio, the exploit can take advantage of it to send a message that has a code with which to exploit this flaw to install the malware in question.
For example, Pegasus used zero-click exploits in iMessage and WhatsApp. The attackers only had to send a specially designed message to exploit the flaws of this app, and the phone was infected without you realizing it, even deleting the message afterwards to leave no trace.
There are groups of cybercriminals specialized in creating these exploits, which because they are so difficult to design can be worth millions. Today, the most common types are those aimed at smartphones, although they can also be created for other devices.
How to protect yourself from zero-click exploits
Since these attacks work without requiring any interaction from the victim, you won’t have a chance to identify the threat and defend yourself from it. This makes them extremely difficult to avoid, although we can always resort to proactive security measures.
First of all, keep your devices and their applications ALWAYS updated. These attacks work through vulnerabilities that have not been discovered, but if they are discovered, the companies of the apps, devices and operating systems will always send urgent updates. The more unupdated applications or operating systems you have, the more vulnerable you will be.
Another very important measure is avoid using unsafe applications. Be careful with almost unknown apps, or those that you download from third-party application stores or directly from websites. I know we all like to explore new apps, but only trusted apps downloaded from reputed app stores can minimize the risks.
You can also consider install anti-spyware and malware applicationsthe classic antiviruses. Behind them are companies dedicated to monitoring risks and malware, and zero-click exploits are often used to install this type of virus.
Take extreme precautions if you are a public figure. Obviously, a government or an institution is not going to spend millions of euros on one of these exploits to infect the town baker. But if you are an activist or member of an institution or government, then you are going to have to take all these measures more seriously.
In Xataka Basics | Cybersecurity for your vacation: tips and recommendations for before and during your days off
GIPHY App Key not set. Please check settings