A zero-click attack is a type of cyber attack that allows an adversary to gain access to or control over a target device without the need for any user interaction. In other words, the attack can be executed without the user clicking on any links, downloading any files, or performing any other actions that would typically be required for an attack to succeed.
Zero-click attacks can be particularly dangerous because they can be difficult for users to detect and prevent. For example, a zero-click attack could involve sending a malicious email or text message that exploits a vulnerability in the recipient’s device as soon as it is received, without the need for the user to open the message or interact with it in any way.
To protect against zero-click attacks, it is important to keep all devices and software up to date with the latest patches and security updates.
Zero Click Economics
Exploit broker Zerodium, a market leader in its field, announced in 2019 that it is offering up to $2 million for zero-click jailbreaks of Apple’s iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that can take control of secure messaging apps WhatsApp and iMessage. These prices represent a significant increase from the company’s previous offerings of $1.5 million, $1 million, and $500,000, respectively, for the same types of exploits. The higher prices indicate not only a growing demand for these exploits, but also the increasing difficulty of successfully compromising these targets.
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
What is zero-click malware, and how do zero-click attacks work?