Zero-click hacking enables a hacker to sneak into a device, say a phone or computer, even when the user does not open a malicious link or attachment. The ploy is used by the government agencies more frequently to snoop on activists, journalists and others.

The zero-click snoop companies include NSO Group, Paragon, Candiru and Cognyte Software.

One step that reduces the chances of zero-click attack is to keep the operating system updated. There are other methods — uninstall messaging apps (these are gateways to breach the device), shut certain social media accounts. However, these measures are not practical.

A zero-click attack may not leave traces the device. Sometimes, such an attack does not go as planned. Then traces are left on the device which can be identified.

A Saudi Arabian women rights activist Loujain’s iPhone had a mysterious fake image file mistakenly left behind by the NSO spyware which alerted the research workers. Citizen Lab contended that the computer code left by the attack on her phone was direct evidence of the NSO built surveillance tool. It led Apple to alert others around the world, and provided the basis of Apple’s November 2021 lawsuit against NSO.