How Hackers Can Control Your Phone With "Zero-Click" Attack
In 2025, most people are inseparable from their laptops and smartphones. With that familiarity has come a wariness of the dangers of clicking on unsolicited emails, SMS, or WhatsApp messages.
But there is a growing menace called zero-click attacks, which have previously targeted only VIPs or the very wealthy because of their cost and sophistication.
A zero-click attack is a cyberattack that hacks a device without the user clicking anything. It can happen just by receiving a message, call, or file. The attacker uses hidden flaws in apps or systems to take control of the device, with no action needed from the user and the user remains unaware of the attack.
'Although public awareness has increased recently, these attacks have steadily evolved over many years, becoming more frequent as smartphones and connected devices proliferated,' Nathan House, CEO of StationX, a UK-based cybersecurity training platform, told The Epoch Times.
'The key vulnerability is in the software, rather than the type of device, meaning any connected device with exploitable weaknesses could potentially be targeted,' he said.
Aras Nazarovas, an information security researcher at Cybernews, told The Epoch Times why zero-click attacks usually target VIPs, rather than ordinary individuals.
'Since finding such zero-click exploits is difficult and expensive, most of the time such exploits are used to gain access to information from key figures, such as politicians or journalists in authoritarian regimes,' he said.
'They are often used in targeted campaigns. Using such exploits to steal money is rare.'
In June 2024, the BBC reported that social media platform TikTok had admitted that a 'very limited' number of accounts, including those of media outlet CNN, had been compromised.
While ByteDance, the owner of TikTok, did not confirm the nature of the hack, cybersecurity companies such as Kaspersky and Assured Intelligence suggested it stemmed from a zero-click exploit.
'The part that requires high levels of sophistication is finding bugs that allow such attacks and writing exploits for these bugs,' Nazarovas said.
'It has been a billion-dollar market for years, selling zero-click exploits and exploit chains. Some gray/dark market exploit brokers often offer $500,000 to $1 million for such exploit chains for popular devices and apps.'
Nazarovas added that while ordinary users have been hit in the past by zero-click 'drive-by' attacks. These are attacks that emerge after the unintentional installation of malicious software onto a device, often without the user even realizing it. They have become more infrequent with the growing gray market for such exploits.
House said zero-click exploits often seek out vulnerabilities in software and apps that are expensive to discover, which means the perpetrators are usually 'nation-state actors or highly-funded groups.'
Although there have been recent innovations in AI that have made certain cyber crimes, such as voice-cloning or vishing, more prevalent, Nazarovas says there is no evidence yet that it has increased the risk from zero-click attacks.
House said people could use AI to 'write zero-click exploit chains for people who would have otherwise lacked the time, experience, or knowledge to be able to discover and write such exploits.'
But, he said, the increase in zero-click attacks in recent years, 'stems mainly from expanded spyware markets and greater availability of sophisticated exploits, rather than directly from AI-driven techniques.'
He said zero-click attacks have existed for more than a decade, the most infamous of which was the Pegasus spyware affair.
In July 2021, The Guardian and 16 other media outlets published a series of articles, alleging that foreign governments used the Israeli-based NSO Group's Pegasus software to surveil at least 180 journalists and numerous other targets around the world.
Alleged targets of Pegasus surveillance included French President Emmanuel Macron, Indian opposition leader Rahul Gandhi, and Washington Post writer Jamal Khashoggi, who was slain in Istanbul on Oct. 2, 2018.
In a statement at the time, NSO Group said, 'As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi.'
On May 6, a California jury awarded WhatsApp's parent company, Meta, $444,719 in compensatory damages and $167.3 million in punitive damages, in a privacy case against NSO Group.
The WhatsApp complaint was focused on the Pegasus spyware, which, according to the lawsuit, was developed 'to be remotely installed and enable the remote access and control of information—including calls, messages, and location—on mobile devices using the Android, iOS, and BlackBerry operating systems.'
'While ordinary users can occasionally become collateral targets, attackers generally reserve these costly exploits for individuals whose information is especially valuable or sensitive,' Nazarovas said.
According to Nazarovas, corporations offer hackers 'bug bounties' to incentivize them to find these exploits and report them to the company, rather than selling them to a broker who then sells them on to parties who use them illegally.
Read the rest here…
Also read: Kuwaiti Jailed For 6 Months Over Hacking Wife's Mobile Phone
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Gulf Insider
2 days ago
- Gulf Insider
Starting July 1: WhatsApp Business Rolls Out Major Pricing Changes
In a significant move for businesses worldwide, WhatsApp Business has announced a revamped pricing model for its WhatsApp Business Platform, set to take effect on July 1, 2025. The update introduces per-message billing, revised rates, and volume-based discounts for utility and authentication messages—aligning the platform with industry-standard practices seen on other messaging channels. WhatsApp will now charge businesses per template message sent, rather than relying on broader session-based models. This means that if a company sends a single marketing and one utility message, they'll incur separate charges for each message type. 'This update aligns our pricing structure with other leading communication platforms that already operate on a per-message basis,' said a WhatsApp spokesperson. Businesses can still respond to customer inquiries for free within a designated 24-hour customer service window, which resets every time a user sends a new message. During this period, companies can send both free-form and utility messages at no cost. 'This gives businesses more flexibility and choice when responding to customers, without worrying about added fees,' WhatsApp noted in its update. To support growth, WhatsApp Business will roll out market-specific volume tiers for utility and authentication messages. As businesses scale up, they'll automatically benefit from reduced pricing in higher tiers. 'The more messages you send, the more you save,' WhatsApp stated. 'Volume-based pricing makes the platform more cost-effective for growing businesses.' These volume tiers are category-specific and market-based. For instance, a business sending utility messages in Brazil would qualify for a separate pricing tier than one sending authentication messages in India. Predictable billing with per-message pricing No cost for responses within the customer service window Lower rates at higher volumes, incentivising platform growth Alignment with global communication pricing standards This pricing update signals WhatsApp's continued commitment to supporting business communication while ensuring cost-efficiency and scalability. Companies leveraging the WhatsApp Business Platform should review the new pricing structure closely to optimise their messaging strategies before the July 1 rollout.
Gulf Insider
5 days ago
- Gulf Insider
Humanoid AI Robots In China Fight Club
Four artificial intelligence-enhanced robots have been put through their paces in a Chinese robot fighting competition, duking it out in kickboxing matches until one was declared the champion. The World Robot Competition Mecha Fighting Series had four human-controlled robots built by China-based firm Unitree compete in three, two-minute rounds with winners crowned through a points system, according to a May 26 report from the China state-owned outlet the Global Times. Chen Xiyun, a Unitree team member, said the 'robots fight in a human-machine collaborative way,' with the machines pre-taught moves, but ultimately, a person controls the bot's movements. The robots reportedly weighed 35 kilograms and stood 132 centimeters tall. Ahead of the boxing rounds, the pint-sized robots were put through tests to demonstrate a variety of kicks and punches and assist the organizers in refining the rules. The team with the highest points across the three rounds moves on to fight another opponent. A punch to the head was worth one point, and a kick to the head was worth three. Teams lost five points if their robot fell and 10 points if their robot was down for over eight seconds. During a livestream of the event on the state broadcaster CCTV, Unitree director Wang Qixin said the robotics company used 'AI technology to let robots learn.' 🤖 China hosted the world's first #humanoid robot fighting competition, the CMG World #Robot Competition. Four teams and their #UnitreeG1 robots duked it out in a globally live-streamed event! 🥊 — Chinese Embassy in US (@ChineseEmbinUS) May 26, 2025 'First of all, the motion capture will be based on some professional fighting athletes. Based on their motion capture data, the robot will learn these movements in the virtual world,' he said. In one of the first matches, a robot in pink headgear fought a robot in black headgear. After a flurry of sometimes misplaced punches and kicks, the black-donned bot was the first to be knocked down after throwing a kick and falling over. However, the black-clad android came back strong and scored a knockdown on pink in round three with a front kick. A second knockdown saw the black bot jump on the pink one to hold it down and claim the win. The pink-wearing bot and another wearing red were both eliminated, leaving the black-donned bot and one wearing green to go toe to toe in the finals. Ultimately, the black bot was declared the champion after outscoring its opponent. Another event with full-sized robots is reportedly locked in for December in South China's Guangdong Province. Also read: Watch: Humanoid Robot Goes Full Skynet After 'Imperfect Coding'
Daily Tribune
6 days ago
- Daily Tribune
Raise opens investor doors
business TDT | Manama Bahrain's startup ecosystem is gaining traction with the return of 'Raise: The Art of Fundraising', a bootcamp designed to do what most founders struggle with: get them face-toface with investors. Now in its ninth cohort, Raise has opened applications for the next twoweek round of its investment readiness programme. Backed by The Labor Fund (Tamkeen) and delivered by Spring Venture Services in partnership with global VC firm Salica Investments, Raise goes beyond mentorship. It connects early-stage startups directly with investor networks across the MENA region, providing access to capital, industry leaders, and essential strategic guidance. Doors to capital The programme's track record includes eight completed bootcamps and 16 StartUp Bahrain Pitch events. Over 100 startups have benefited from tailored support in pitching, valuation, and deal negotiation. Standouts from previous cohorts, like DOO founder Ali Mohsen, credit the program for helping land funding and refine go-to-market plans. 'Raise was instrumental in refining our fundraising strategy and connecting us with investors,' he said. This time, selected startups will also join an exclusive Investor Mixer. The event places founders in front of key venture capital firms and angel investors, allowing for real-time feedback and potential deal flow. Bahrain's startup engine The initiative feeds directly into the national innovation agenda. In collaboration with the Ministry of Industry & Commerce, Bahrain Economic Development Board, and Bahrain Development Bank, the program culminates in a live pitch competition under the StartUp Bahrain Pitch Series banner. Winners walk away with milestone-linked cash prizes and ongoing support from Raise partners. Applications are now open via the programme's official website. For Bahrain-based founders with scalable ideas and big ambitions, Raise may just be the shortest route from pitch to funding.
