Follow Us:
Tuesday, August 09, 2022

Explained: Pegasus uses ‘zero-click attack’ spyware; what is this method?

A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error. Can they be prevented?

Written by Nandagopal Rajan , Edited by Explained Desk | New Delhi |
Updated: August 3, 2021 1:39:13 pm
Zero-click attacks are hard to detect given their nature and hence even harder to prevent.

One of the worrying aspects of the Pegasus spyware is how it has evolved from its earlier spear-phishing methods using text links or messages to ‘zero-click’ attacks which do not require any action from the phone’s user. This had made what was without a doubt the most powerful spyware out there, more potent and almost impossible to detect or stop.

The Guardian quoted Claudio Guarnieri, who runs Amnesty International’s Berlin-based Security Lab, as saying that once a phone was infiltrated, Pegasus had “more control” over it than the owner. This is because in an iPhone, for instance, the spyware gains “root-level privileges”. After this it can view everything from contact lists to messages and internet browsing history and send the same to the attacker.

How do zero-click attacks work?

A zero-click attack helps spyware like Pegasus gain control over a device without human interaction or human error. So all awareness about how to avoid a phishing attack or which links not to click are pointless if the target is the system itself. Most of these attacks exploit software which receive data even before it can determine whether what is coming in is trustworthy or not, like an email client.

Earlier this year, cybersecurity firm ZecOps claimed iPhones and iPads have had a traditional vulnerability to unassisted attacks, especially with its mail app. From iOS 13, this became a vulnerability to zero-click attacks too. “The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume a significant amount of memory,” a ZecOps blog published this April said. Apple reportedly patched this in April 2020.

Subscriber Only Stories
Delhi Confidential: Raghav Chadha strikes a lyrical note as he bids farew...Premium
PM’s Office declares assets of Ministers, Modi donates share in only prop...Premium
9 FIRs, many notices: Shrikant Tyagi’s long record of notorietyPremium
Post pandemic, employees reluctant to return, firms take offices to small...Premium

In November 2019, Google Project Zero security researcher Ian Beer showed how attackers take complete control of an iPhone in radio proximity without any user interaction. He claimed his exploit targeted the Apple Wireless Device Link (AWDL), the peer-to-peer wireless connectivity protocol that iOS devices use to talk to each other. Apple patched this when it released iOS 13.3.1, but accepted that it was powerful enough to “shut off or reboot systems or to corrupt kernel memory”.

On Android phones running version 4.4.4 and beyond, the vulnerability was via the graphics library. Attackers have also exploited vulnerabilities in Whatsapp, where a phone could be infected even if an incoming malicious call was not picked up, and in Wi-Fi, chipsets users to stream games and movies.


However, Amnesty claims even patched devices with the latest software have been breached.

Can zero-click attacks be prevented?

Zero-click attacks are hard to detect given their nature and hence even harder to prevent. Detection becomes even harder in encrypted environments where there is no visibility on the data packets being sent or received.

One of the things users can do is to ensure all operating systems and software are up to date so that they would have the patches for at least vulnerabilities that have been spotted. Also, it would make sense to not sideload any app and to download only via Google Play or Apple’s App Store.


If you are paranoid, one way to go is to stop using apps altogether and switch to the browser for checking mails or social media, even on the phone. Yes, this is not convenient, but it is more secure, suggest experts.

Newsletter | Click to get the day’s best explainers in your inbox

TWO IS ALWAYS BETTER | Our two-year subscription package offers you more at less

📣 Join our Telegram channel (The Indian Express) for the latest news and updates

For all the latest Explained News, download Indian Express App.

  • Newsguard
  • The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
  • Newsguard
First published on: 19-07-2021 at 08:55:32 am
0 Comment(s) *
* The moderation of comments is automated and not cleared manually by

Featured Stories