Cybercriminals sending dodgy emails with fake links is nothing new in the world of cyberattacks and scams. But there's a rising form of cyberattack called 'zero-click' that can steal your personal data without you doing anything or clicking anything.

As zero-click exploits have the potential to wreak havoc on Android users, we're going to take a deep dive into this form of cyberattack and how you can stay safe from it.

Just remember that if you need support or someone to talk to, our Sonder support team is available 24/7 to chat whenever you need it.

What is this 'Zero-click' exploit?

Most cyberattacks involves some form of social engineering and a degree of interaction from the targeted user in order for malware or other malicious software to be installed onto their device, rendering it vulnerable to cybercriminals. This includes actions such as clicking on a compromised link, enabling macros, or downloading a dodgy attachment.

But zero-click exploits are a sophisticated type of cyberattack where targeted users don't even need to interact with anything for malware or malicious software to be installed onto their device.

Not only are targeted users generally unaware that a zero-click attack has occurred, but the lack of any interaction also makes detecting the source of the attack extremely difficult. This makes zero-click cyberattacks far more dangerous than your usual scam email/SMS cyberattack.

That's wild.


So, how does it work?

Zero-click cyberattacks bypass the need for any form of social engineering and directly exploits flaws in your device via a data verification loophole in order to work its way into your device's system.

Apps that provide messaging or voice calling are often targeted as these services are designed to receive and interpret data from untrusted sources. Attackers are generally able to exploit a flaw in how this data is processed or validated by using things such as a hidden text message or image file to inject code that compromises the device.

A hypothetical zero-click cyberattack might work like this:

  1. Cybercriminals identify a vulnerability in a mail or messaging app.

  2. They exploit the vulnerability by sending a carefully crafted message to the target.

  3. The vulnerability allows malicious actors to infect the device remotely that consumes extensive memory.

  4. The hacker's email, message, or call won't necessarily remain on the device.

  5. As a result of the attack, cybercriminals can read, edit, leak, or delete messages.

The attack can be a series of network packets, authentication requests, text messages, MMS, voicemail, video conferencing sessions, phone calls, or messages sent over Skype, Telegram, and WhatsApp. All of these can exploit a vulnerability in the code of an application tasked with processing the data.

What can I do to protect myself?

For Samsung device users, the smartphone giant is rolling out a 'Samsung Message Guard' security measure for its Galaxy S23 series and other Galaxy smartphones and tablets. This security measure will automatically neutralise any potential threat hiding in image files. It also runs silently and largely invisibly in the background and does not need to be activated by the user.

For all other Android device users, there are a number of ways you can protect yourself from potential zero-click attacks:

  • Keep your operating system, firmware, and apps on all your devices up to date.

  • Only download apps from official stores.

  • Delete any apps you no longer use

  • Avoid ‘jailbreaking’ or ‘rooting’ your phone since this removes protection provided by Apple and Google.

  • Use password protection for your devices.

  • Use strong authentication to access accounts, especially critical networks.

  • Use strong and unique passwords. Never use the same password for two or more logins.

  • Regularly backup systems. Systems can be restored in cases of ransomware, and having a current backup of all data speeds up the recovery process.

  • Enable pop-up blockers or prevent pop-ups from appearing by adjusting your browser settings as scammers routinely use pop-ups to spread malware.

If you have any questions or need extra support, we're here to help you anytime in any language. Simply start a chat with us via the home screen of the Sonder app.

Information sourced from: 7news, CSO, Kaspersky, and Samsung

Image credit: MOHI SYED at Pexels

All content is created and published for informational purposes only. It is not intended to be a substitute for professional advice. Always seek the guidance of a qualified health professional.

Did this answer your question?