How this cheap piece of fitness kit helped me stay in shape for a year

There’s no doubt about it: keeping fit can be expensive. If you’re a runner, you’re going to want to replace your running shoes after a year or two of hard use. …

5 Apple AirPods tips and tricks everyone needs to try right now

So you’re the proud new owner of a set of Apple AirPods – whether it’s the 2019 AirPods, AirPods (3rd generation), the AirPods Pro, or AirPods Max now adorning your head – and the chances …

How to use your iCloud Photos on iPhone and iPad

Just how many photos are stored on your iPhone? How much storage are those photos (and videos) taking up? Although Apple has slowly raised the storage limits on its top-selling product …

Lock on Laptop Screen

Lock on Laptop Screen

Hackers use various tools to gain access to computers and other devices and wreak havoc. However, one of the most dangerous, zero-click attacks, can be especially troublesome because they’re often difficult to recognize until it’s too late. In addition, as its name suggests, a zero-click attack does not require any action from its owners, such as a mouse click, keypress, or any other user interaction, unlike other attack methods like smishing and phishing. Instead, all an attacker needs to do is send the dangerous file to a device and let the exploit get to work.

Most zero-click attacks come through messaging or voice-calling apps like WhatsApp, Facebook Messager, Apple iMessage, and Telegram because they receive and interpret data from untrusted sources. Zero-click attacks work because they exploit flaws in how data get validated or processed on the device, then use data verification loopholes to enter. The attacks come through hidden text messages, email, voicemail, or an image file delivered via Wi-Fi, NFC, or Bluetooth. Once installed, the zero-click attack activates an unknown vulnerability that quickly goes after hardware or software — without the owner’s knowledge. 

As Bill Marczak, a senior research fellow at Citizen Lab explained to Bloomberg: “With zero clicks, it’s possible for a phone to be hacked and no traces left behind whatsoever,” Marczak said. “You can break into phones belonging to people who have good security awareness. The target is out of the loop. You don’t have to convince them to do anything. It means even the most skeptical, scrupulous targets can be spied on.”

Because of how they are designed, zero-click attacks are nearly invisible to unsuspecting victims, making them much easier to execute than traditional hacking methods. 

Other reasons they can be dangerous, include:

Once a zero-click attack is executed on a device, hackers can start collecting information about the user, including their browsing history, camera roll, location, contacts, and whatever else they want. They might also add surveillance software to listen to conversations and use what they find for nefarious purposes.  Sometimes infected devices are used for cyberespionage campaigns.

Some hackers take it further and decide to encrypt user files and hold them for ransom. In this case, the attack is ransomware. When this happens, it’s best to contact the authorities before handing over your hard-earned cash. 

Often, zero-click attacks rely on zero-day attacks to work. And yet, they aren’t the same. The former is a type of vulnerability that requires no user input. The latter are vulnerabilities that aren’t yet known to a software provider, which makes it less likely a patch is already available to provide a fix. 

You can take steps to better protect yourself from various types of cyberattacks, including zero-click attacks. But unfortunately, as these things go, there is no sure way to protect yourself. 

The Better Business Bureau and National Cybersecurity Alliance say the first thing you can do is make sure the software on your device is up-to-date, including operating systems and apps. In particular, pay special attention to critical software updates and get them installed immediately. You should also avoid clicking on links from unfamiliar sources that might arrive through email or messages. When in doubt, delete the message and never give away personal information. 


Leave a Reply

Your email address will not be published.