Daily News Analysis

Zero-click attacks

19th July, 2021 Security and Defence

Context:

  • A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error.
  • Zero-click attacks are hard to detect given their nature and hence even harder to prevent.

 

Background:

  • One of the worrying aspects of the Pegasus spyware is how it has evolved from its earlier spear-phishing methods using text links or messages to ‘zero-click’ attacks, which do not require any action from the phone’s
  • This had made it the most powerful spyware, more potent and almost impossible to detect or stop.
  • Once a phone was infiltrated, Pegasus had “more control” over it than the owner.
  • This is because, the spyware gains “root-level privileges”. After this it can view everything from contact lists to messages and internet browsing history and send the same to the attacker.

 

How do zero-click attacks work?

 

 

  • A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error.
  • So all awareness about how to avoid a phishing attack or which links not to click are pointless if the target is the system itself.
  • Most of these attacks exploit software, which receive data even before it can determine whether what is coming in is trustworthy or not, like an email client.

 

Can zero-click attacks be prevented?

  • Zero-click attacks are hard to detect given their nature and hence even harder to prevent.
  • Detection becomes even harder in encrypted environments where there is no visibility on the data packets being sent or received.
  • One of the things users can do is to ensure all operating systems and software are up to date so that they would have the patches for at least vulnerabilities that have been spotted.

https://indianexpress.com/article/explained/zero-click-attacks-pegasus-spyware-7411302/