Zero-click exploits are attacks that compromise a device without any user interaction. No tapping, opening, or installing is required. They work by sending specially crafted data to apps that automatically process incoming content, such as messaging services or call handlers. If a vulnerability exists, the data triggers code execution as soon as it is received. Capabilities after compromise depend on the exploit chain but often include access to messages, files, microphone, camera, and location. Encryption is bypassed by capturing data on the device before it is secured. They rely on rare, high-value software flaws and are typically used by well-funded actors due to cost and limited availability. Regular updates and reducing exposed services lower risk but do not eliminate it.

This explanation was created with ChatGPT.

April 6, 2026

• Translation