Until now, most cyberattacks started when a user clicked on a bad link or downloaded a corrupted file. The click or download permitted the malware to enter the device. But now, a new type of cyberattack is on the rise: one that doesn’t require any clicks at all.
“Zero-click attacks” are defined as cyberattacks requiring no user action. Instead, they exploit vulnerabilities in apps and operating systems like Windows, Mac, Chrome, iOS, and Android. These systems release “patches” when they realize a loophole in their code exists. But if cybercriminals find the loophole first, or if they find an unfixed loophole on devices that have not installed the patch, they can get into a device without users knowing.
These attacks often target messaging apps, which receive significant amounts of data from many different sources, including unknown sources. Hackers send a message in which bad code is embedded in something that seems harmless to the operating system, such as a text or PDF. When the message is received, the code activates and infects the device, allowing the hacker to see all messages on that app. All without the user even opening the message.
These attacks are highly sophisticated. Even if the message is deleted, the device is still infected. They hardly leave any traces, making them extremely difficult to detect.
Despite their complexity, there are steps you can take to prevent a zero-click attack:
- Regularly update your computers and apps
If you install “patches” for operating systems in a timely manner, you’re protecting your device from system flaws that can otherwise be an easy entry for hackers. - Get rid of any apps you aren’t using
Discarding unused apps means fewer chances for criminals to find a vulnerability. - Use multi-factor authentication
- Block pop-ups
- Periodically restart your phone
On iPhones, this has been shown to stop zero-click attack software Pegasus from working, or at least temporarily disrupt it.
Fortunately, right now, these attacks are expensive to implement, with one recorded at 2.5 million according to CSO online. But as hackers and AI continue to advance, it is important to be aware that cyberattacks can be carried out in this manner, and to take steps to guard against it.