According to Project Pegasus, what are zero-click attacks?

Claims of phone hacking have again drawn criticism of the Modi government's surveillance policies.

Points Highlighted:

  • How do zero-click attacks work?
    A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error. So all awareness about how to avoid a phishing attack or which links not to click is pointless if the target is the system itself. Most of these attacks exploit software that receives data before it can determine whether what is coming in is trustworthy, like an email client.

  • The Guardian quoted Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab, as saying that once a phone was infiltrated, Pegasus had “more control” over it than the owner. This is because in an iPhone, for instance, the spyware gains “root-level privileges”. After this it can view everything from contact lists to messages and internet browsing history and send the same to the attacker.

Earlier this year, cybersecurity firm ZecOps claimed iPhones and iPads have had a traditional vulnerability to unassisted attacks, especially with its mail app. From iOS 13, this became a vulnerability to zero-click attacks too. “The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume a significant amount of memory,” a ZecOps blog published this April said. Apple reportedly patched this in April 2020.

In November 2019, Google Project Zero security researcher Ian Beer showed how attackers could take complete control of an iPhone in radio proximity without any user interaction. He claimed his exploit targeted the Apple Wireless Direct Link (AWDL), the peer-to-peer wireless connectivity protocol that iOS devices use to talk to each other. Apple patched this when it released iOS 13.3.1, but accepted that it was powerful enough to “shut off or reboot systems or to corrupt kernel memory”.


On Android phones running version 4.4.4 and beyond, the vulnerability was via the graphics library. Attackers have also exploited vulnerabilities in WhatsApp, where a phone could be infected even if an incoming malicious call was not picked up, and in the Wi-Fi chipsets users use to stream games and movies.

However, Amnesty claims even patched devices with the latest software have been breached.
