{"id":1537188,"date":"2025-05-21T00:55:00","date_gmt":"2025-05-21T04:55:00","guid":{"rendered":"https:\/\/bugaluu.com\/news\/?p=1537188"},"modified":"2025-05-21T00:55:00","modified_gmt":"2025-05-21T04:55:00","slug":"how-hackers-can-control-your-phone-with-zero-click-attack","status":"publish","type":"post","link":"https:\/\/bugaluu.com\/news\/how-hackers-can-control-your-phone-with-zero-click-attack\/1537188\/","title":{"rendered":"How Hackers Can Control Your Phone With “Zero-Click” Attack"},"content":{"rendered":"

How Hackers Can Control Your Phone With “Zero-Click” Attack<\/span><\/p>\n

\n

Authored by Chris Summers via The Epoch Times<\/a> (emphasis ours),<\/em><\/p>\n

In 2025, most people are inseparable from their laptops and smartphones. With that familiarity has come a wariness of the dangers of clicking on unsolicited emails, SMS, or WhatsApp messages.<\/p>\n

But there is a growing menace called zero-click attacks, which have previously targeted only VIPs or the very wealthy because of their cost and sophistication.<\/strong><\/p>\n

Illustration by The Epoch Times, Shutterstock<\/em><\/a><\/p>\n

A zero-click attack is a cyberattack that hacks a device without the user clicking anything.<\/strong> It can happen just by receiving a message, call, or file. The attacker uses hidden flaws in apps or systems to take control of the device, with no action needed from the user and the user remains unaware of the attack.<\/p>\n

\u201cAlthough public awareness has increased recently, these attacks have steadily evolved over many years, becoming more frequent as smartphones and connected devices proliferated,\u201d Nathan House, CEO of StationX, a UK-based cybersecurity training platform, told The Epoch Times.<\/p>\n

\u201cThe key vulnerability is in the software, rather than the type of device, meaning any connected device with exploitable weaknesses could potentially be targeted,<\/strong>\u201d he said.<\/p>\n

Aras Nazarovas, an information security researcher at Cybernews, told The Epoch Times why zero-click attacks usually target VIPs,<\/strong> rather than ordinary individuals.<\/p>\n

\u201cSince finding such zero-click exploits is difficult and expensive<\/strong>, most of the time such exploits are used to gain access to information from key figures, such as politicians or journalists in authoritarian regimes,\u201d he said.<\/p>\n

\u201cThey are often used in targeted campaigns. Using such exploits to steal money is rare.\u201d<\/p>\n

In June 2024, the BBC reported<\/a> that social media platform TikTok had admitted that a \u201cvery limited\u201d number of accounts, including those of media outlet CNN, had been compromised.<\/p>\n

While ByteDance, the owner of TikTok, did not confirm the nature of the hack, cybersecurity companies such as Kaspersky and Assured Intelligence suggested<\/a> it stemmed from a zero-click exploit.<\/p>\n

\u201cThe part that requires high levels of sophistication is finding bugs that allow such attacks and writing exploits for these bugs,<\/strong>\u201d Nazarovas said.<\/p>\n

\u201cIt has been a billion-dollar market for years, selling zero-click exploits and exploit chains. Some gray\/dark market exploit brokers often offer $500,000 to $1 million for such exploit chains for popular devices and apps.\u201d<\/p>\n

An attendee inspects the new iPhone 16 Pro Max during event at the Apple headquarters in Cupertino, Calif., on Sept. 9, 2024. Experts warn of a rise in zero-click attacks\u2014cyberattacks that compromise devices without any user interaction. Justin Sullivan\/Getty Images<\/em><\/a><\/p>\n

Nazarovas added that while ordinary users have been hit in the past by zero-click \u2018drive-by\u2019 attacks. These are attacks<\/a> that emerge after the unintentional installation of malicious software onto a device, often without the user even realizing it. They have become more infrequent with the growing gray market for such exploits.<\/p>\n

House said zero-click exploits often seek out vulnerabilities in software and apps that are expensive to discover, which means the perpetrators are usually \u201cnation-state actors or highly-funded groups.\u201d<\/p>\n

Expanded Spyware Markets<\/h2>\n

Although there have been recent innovations in AI that have made certain cyber crimes, such as voice-cloning or\u00a0vishing<\/a>, more prevalent, Nazarovas says there is no evidence yet that it has increased the risk from zero-click attacks.<\/p>\n

House said people could use AI to \u201cwrite zero-click exploit chains for people who would have otherwise lacked the time, experience, or knowledge to be able to discover and write such exploits.\u201d<\/strong><\/p>\n

But, he said, the increase in zero-click attacks in recent years, \u201cstems mainly from expanded spyware markets and greater availability of sophisticated exploits, rather than directly from AI-driven techniques.\u201d<\/p>\n

He said zero-click attacks have existed for more than a decade<\/strong>, the most infamous of which was the Pegasus spyware<\/a> affair.<\/p>\n

In July 2021, The Guardian and 16 other media outlets published a series of articles, alleging that foreign governments used the Israeli-based NSO Group\u2019s Pegasus software to surveil at least 180 journalists and numerous other targets around the world.<\/p>\n

Alleged targets of Pegasus surveillance included French President Emmanuel Macron, Indian opposition leader Rahul Gandhi, and Washington Post writer Jamal Khashoggi, who was slain in Istanbul on Oct. 2, 2018.<\/p>\n

A woman checks the website of Israel-made Pegasus spyware at an office in Nicosia, Cyprus, on July 21, 2021. Pegasus has been tied to several high-profile international zero-click attacks in recent years. Mario Goldman\/AFP via Getty Images<\/em><\/a><\/p>\n

In a\u00a0statement<\/a> at the time, NSO Group said, \u201cAs NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi.\u201d<\/p>\n

On May 6, a California jury awarded<\/a> WhatsApp\u2019s parent company, Meta, $444,719 in compensatory damages and $167.3 million in punitive damages, in a privacy case against NSO Group.<\/p>\n

The WhatsApp complaint was focused on the Pegasus spyware, which, according to the lawsuit, was developed \u201cto be remotely installed and enable the remote access and control of information\u2014including calls, messages, and location\u2014on mobile devices using the Android, iOS, and BlackBerry operating systems.\u201d<\/p>\n

\u201cWhile ordinary users can occasionally become collateral targets, attackers generally reserve these costly exploits for individuals whose information is especially valuable or sensitive,<\/strong>\u201d Nazarovas said.<\/p>\n

According to Nazarovas, corporations offer hackers \u2018bug bounties\u2019 to incentivize them to find these exploits and report them to the company, rather than selling them to a broker who then sells them on to parties who use them illegally.<\/p>\n

Read the rest here…<\/strong><\/a><\/em><\/p>\n<\/div>\n

Tyler Durden<\/a><\/span>
\nTue, 05\/20\/2025 – 20:55<\/span><\/p>\n

\u200bhttps:\/\/www.zerohedge.com\/technology\/how-hackers-can-control-your-phone-zero-click-attack<\/a>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

How Hackers Can Control Your Phone With “Zero-Click” Attack Authored by Chris Summers via The Epoch Times (emphasis ours), In 2025, most people are inseparable…<\/p>\n","protected":false},"author":0,"featured_media":1537189,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1537188","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","wpcat-1-id"],"_links":{"self":[{"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/posts\/1537188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/comments?post=1537188"}],"version-history":[{"count":0,"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/posts\/1537188\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/media\/1537189"}],"wp:attachment":[{"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/media?parent=1537188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/categories?post=1537188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bugaluu.com\/news\/wp-json\/wp\/v2\/tags?post=1537188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}