What is 'zero-click hack' and how to protect yourself
What's the story
WhatsApp has announced that nearly 90 of its users across more than two dozen nations have been targeted by a sophisticated cyberattack, a "zero-click hack."
The advanced spyware, created by Israeli firm Paragon Solutions, permits hackers to access a user's device without any interaction from the victim.
It has been used against various people, including journalists and members of civil society.
Company action
WhatsApp's response to the 0-click hack
In the wake of the cyberattack, WhatsApp has sent a cease-and-desist letter to Paragon Solutions.
The Meta-owned company said, "We will continue to protect people's ability to communicate privately."
This comes after hackers took advantage of vulnerabilities in messaging apps and email clients via zero-click attacks.
These attacks are also referred to as zero-click exploits or interaction-less attacks due to their stealthy nature.
Attack mechanics
Zero-click attacks: A new cybersecurity threat
Zero-click attacks are executed by sending malicious electronic documents that compromise devices without any user interaction.
As soon as these files are received, the OS or app of the device processes them unknowingly, giving hackers access to sensitive data.
This includes messages, calls, photos, and even control over the mic and camera.
The stealthy nature of these attacks makes them particularly dangerous and difficult to detect.
Safety measures
WhatsApp's measures and user safety tips
WhatsApp has assured its users that it has successfully disrupted the hacking attempt and is committed to protecting user privacy.
The company advises users to keep their apps updated, enable automatic updates for security patches, and stay alert for signs of device compromise.
If a device is suspected of being compromised, it should be reported to the Cyber Cell immediately.
Investigation progress
Collaboration with law enforcement and Citizen Lab
WhatsApp is working with law enforcement and a Canada-based watchdog group on internet issues, Citizen Lab, to tackle this security breach.
The exact way to trace the hack back to Paragon Solutions has not been revealed, but it is confirmed that law enforcement and industry partners are actively working on the case.
This incident raises concerns over the rise in mercenary spyware, an emerging industry attracting attention from researchers and privacy advocates.