Zero Click Attack

Cyber experts have warned people with mobile devices and tablets that their devices can be vulnerable to a zero click attack. Hackers can attack when your device is using public WiFi hotspots.

In recent years the number of cyber-attacks has increased and become more sophisticated. Zero click attacks are currently the most sophisticated cyber attacks ever known. They are a game changer for cyber security and can be quite harmful to your data.

What Is A Zero Click Attack?

Zero click attack, as the name suggests, is literally “zero click.” Pegasus spyware has evolved from spear phishing attacks where you might click on a malicious link in an email to now what’s called zero click attacks. The zero click attack doesn’t require any click to be enforced. Usually, cyber attacks happen when a person does the following:

  • Inadvertently clicks on a link
  • Downloads malicious files
  • Visits a website that has a malicious link

However, zero click attacks require no user interaction. It can invade the target device without any aspect of human interaction. Unlike other attacks, it does not require voluntary clicks from a user.

Here, a hacker does not need to redirect a user into clicking or downloading anything. Instead, the zero click attacks employ tactics such as spear phishing and other complex ways to reach out to the user. It can be hard to detect a zero click attack because it leaves fewer traces of any malicious activity.

Zero Click Exploits

Zero click exploits can be created for any device. The exploitation can be so severe that hackers can access your emails, WhatsApp messages, and voice messages. The scary part is that the hacker can read and listen to all your private messages without you even knowing that your phone has been attacked. This is also why the zero click attack is considered significantly dangerous due to its invisible nature.

Unlike other cyber attacks done via social media applications, zero click attacks occur within the devices using an encrypted data confirmation loophole. Often zero click attacks rely on zero-day attacks to be successful.

What Is Zero Day Attack?

A zero-day attack happens when the hacker exploits a device’s vulnerability before the software developers can find the solution. There are many types of zero-day vulnerabilities.

How Does A Zero Click Attack Work?

The Zero Click Attack can attack your device in several ways.

Evil Twin Attack

Evil Twin Attack refers to the WiFi access point that appears to be authorized just like the usual WiFi access points. However, this access point is used to eavesdrop on wireless communications. The victim does not become aware of the evil twin attack because their internet works the usual way. Linset and Evil Twin Framework are some tools the evil twin attack uses to hack. Zero click attacks often target messaging apps because they contain large amounts of confidential information.


The main use of Netcat is a back-end tool for port scanning and listening. Hackers use Netcat to set up reverse and bind shells, redirect network traffic, port listening, banner grabbing, etc. To enable a zero click attack, the hacker sends a file containing malware that will hack the victim’s device by connecting it to the hacker’s machine. It is common for hackers to create a hidden text message as an email or image file and send it to the target device.


Simjacker attacks take place on mobile phones. An SMS is sent to the victim’s mobile phone, and that SMS contains spyware-like malware. The mobile phone becomes infected as the hacker has access to the phone, and they can carry out actions within the phone. The hacker can send commands to the mobile phone to send SMS messages, make phone calls, access location, exfiltrate data, and so much more.


A zero click attack via Bluetooth can enable the hacker to access the victim’s personal messages, pictures, emails, and phone calls. Hackers can even make a call via the victim’s phone. There are two types of attacks using Bluetooth:

  • Bluebugging
  • Bluesnarfing

Threats Of Zero Click Attack

The main reason why zero click exploits are considered dangerous is that they do not get detected easily, and they are usually targeted. Certain zero click attacks affect the victim’s device and all the other phones/tablets near the infected device. The zero click attack can enable the hacker to take control of the victim’s device. The hacker can also choose to install surveillance software or encrypt important files.

Due to this reason, the hacker may attack in public areas. The attack can be so severe that experts say that it has the ability even to start nation-state-level wars. The zero click exploit can hack modern military weapons and fighter jets that will receive the hacker’s commands and act based on them. The automatic weapons system of countries are also at risk and vulnerable to zero click attacks.

Examples Of Zero Click Attacks in The Real World

There can be zero click attacks on several devices, from Apple to Android. There are many examples of high profile zero click malware.

Zero Click Attack On Microsoft Windows, June 2019

Experts from ESET identified a zero click attack on Microsoft Windows in June 2019. The hacker took advantage of a vulnerability of Microsoft Windows. It was reported that malware initiated the zero click attack.

NSO Spyware Attacks

Experts at Citizen Lab discovered an iPhone exploit in early 2022. The exploit caused the installation of NSO Group spyware on Apple phones. The zero click attack was targeted on the iPhones of certain politicians, activists, and journalists. The hackers had access to cameras and were able to track the devices.

How To Protect Against Zero Click Attack? 

Citizen Lab has reported zero click attacks on iOS and Android devices and the apps that run on these devices in 2021. Zero click attacks can be prevented largely by smartphone manufacturing companies and app developers. They can take actions that can control bugs and viruses from attacking devices and apps.

Depending upon the user’s devices and their operating systems, several ways can protect against zero click attacks:

Update Your Device

One of the best ways to protect your device is to ensure that your device’s operating system is up to date. You must regularly update your operating system to protect it against malware.

Microsoft Windows

If the device is operating on Microsoft Windows, the user has to set up an anti-malware that will find any infectious payloads. The user has to be careful before downloading anything. Also, they should ensure that their AP’s BSSID (Basic Service Set Identifier) is not shown so that it’s not vulnerable to attack.

Linux Or Unix

In addition to the points discussed above, users having devices running on Linux or Unix should ignore any untrusted tool.

Protection Against Evil Twin Attack

To avoid zero click attacks on the WiFi access points, the BSSID should be hidden. As an additional safety precaution, the connected devices should be checked regularly.

To avoid attacks via Bluetooth, the users should update themselves on any security issue by contacting the device manufacturers.

To protect your phone against attacks on SIM cards, the users should use new connection methods such as 4G and 5G. The latest methods verify the chip and the base station, thus preventing zero click attacks on the SIM card.

Avoid Dangerous Applications

Apps downloaded or sideloaded on a device from third-party application stores can potentially contain exploitable vulnerabilities. Thus, only install well-known apps from authorized app stores to reduce exploitability.

Key Takeaways

Zero click attacks are undoubtedly terrifying. These attacks can infect a device without the victim becoming aware of the attack. Hackers can control devices this way and access the victim’s confidential data. This kind of attack can also infect modern computerized military devices and take control over their actions.

As new vulnerabilities are discovered, there are more chances that many will be used for zero click exploits to install malware, spyware, and exfiltrate data. In the struggle against zero click attacks, the best way to deal with them is by keeping up with the latest software updates.

Derik Belair

As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.
SUBSCRIBE for more resources
Related Content

Agent-based SaaS Discovery

    When it comes to Augmentt Discover, we believe in flexibility and power. Augmentt Discover can collect SaaS usage data using both an Agent and Agentless model. Here is a quick [...]

    Product Evaluation Guide

      Thank you for starting your Augmentt Product Evaluation and Trial   Here are a few resources that will help you through this technical process. Support Technical Support is available to [...]
      Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.