Traditionally, spying software relies on convincing the targeted person to click on a compromised link or file to install itself on their phone, tablet, or computer. However, with a zero-click attack, the software can be installed on a device without the victim clicking on any link. As a result, zero-click malware or no-click malware is much more dangerous.
The reduced interaction involved in zero-click attacks means fewer traces of any malicious activity. This – plus the fact that vulnerabilities which cybercriminals can exploit for zero-click attacks are quite rare – make them especially prized by attackers.
Even basic zero-click attacks leave little trace, which means detecting them is extremely difficult. Additionally, the same features which make software more secure can often make zero-click attacks harder to detect. Zero-click hacks have been around for years, and the issue has become more widespread with the booming use of smartphones that store a wealth of personal data. As individuals and organizations become increasingly reliant on mobile devices, the need to stay informed about zero-click vulnerabilities has never been greater.
Typically, remote infection of a target’s mobile device requires some form of social engineering, with the user clicking on a malicious link or installing a malicious app to provide the attacker with an entry point. This is not the case with zero-click attacks, which bypass the need for social engineering entirely.
A zero-click hack exploits flaws in your device, making use of a data verification loophole to work its way into your system. Most software uses data verification processes to keep cyber breaches at bay. However, there are persistent zero-day vulnerabilities that are not yet patched, presenting potentially lucrative targets for cybercriminals. Sophisticated hackers can exploit these zero-day vulnerabilities to execute cyber-attacks, which can be implemented with no action on your part.
Often, zero-click attacks target apps that provide messaging or voice calling because these services are designed to receive and interpret data from untrusted sources. Attackers generally use specially formed data, such as a hidden text message or image file, to inject code that compromises the device.
"Zero-day" is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term "zero-day" refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it.
Zero-day is sometimes written as 0-day. The words vulnerability, exploit, and attack are typically used alongside zero-day, and it’s helpful to understand the difference: