Feb 20, 2023 | Ravie Lakshmanan | Mobile Security / Zero Day

Zero-Click Malware Attacks

Samsung has announced a new feature called Message Guard that comes with safeguards to protect users from malware and spyware via what’s referred to as zero-click attacks.

The South Korean chaebol said the solution “preemptively” secures users’ devices by “limiting exposure to invisible threats disguised as image attachments.”

The security feature, available on Samsung Messages and Google Messages, is currently limited to the Samsung Galaxy S23 series, with plans to expand it later this year to other Galaxy smartphones and tablets running One UI 5.1 or higher.

Zero-click attacks are highly targeted and sophisticated attacks that exploit previously unknown flaws (i.e., zero-days) in software to trigger execution of malicious code without requiring any user interaction.

Unlike traditional methods of remotely exploiting a device wherein threat actors rely on phishing tactics to trick a user into clicking on a malicious link or opening a rogue file, such attacks circumvent the need for social engineering entirely and provide an adversary with an entry point.

A majority of the zero-click exploits are engineered to take advantage of vulnerabilities in applications such as messaging, SMS, or email apps that receive and process untrusted data.

As a result, if there exists a security vulnerability in the manner an app interprets the incoming data, a threat actor could weaponize this shortcoming to craft a malicious image that, when sent to a target’s device, automatically executes the code embedded within it.

The lack of interaction involved in zero-click attacks means there are fewer traces of any nefarious activity, making them highly prized tools to deliver spyware capable of monitoring individuals and harvesting a wealth of sensitive information.

Samsung’s Message Guard works against a number of image formats, including PNG, JPG/JPEG, GIF, ICO, WEBP, BMP, and WBMP, and essentially acts as a sandbox that’s designed to quarantine images received via the app from the rest of the operating system.

“Message Guard checks the file bit by bit and processes it in a controlled environment to ensure it cannot infect the rest of your device,” the company said.
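
The article does not describe Message Guard's internals, so the following is an added sketch of the general pattern it alludes to, not Samsung's code: gate the attachment on its leading bytes, then parse it in a separate, resource-limited process that hands back only a small validated result. The function names, the limits and the sample bytes are assumptions made for this example (Linux/Unix only).

```python
import json, resource, struct, subprocess, sys

# Magic bytes for formats the article lists (WBMP has no distinctive signature; omitted).
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff", "gif": b"GIF8",
         "bmp": b"BM", "ico": b"\x00\x00\x01\x00"}

def sniff_format(data):
    """Return the format implied by the leading bytes, or None if unrecognized."""
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    for name, magic in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

# Runs in the child only: parse the PNG IHDR chunk and emit width/height as JSON.
CHILD = r'''
import json, struct, sys
d = sys.stdin.buffer.read()
length, ctype, w, h = struct.unpack(">I4sII", d[8:24])
if length != 13 or ctype != b"IHDR" or not (0 < w <= 8192 and 0 < h <= 8192):
    sys.exit(2)
json.dump({"width": w, "height": h}, sys.stdout)
'''

def _limits():
    # Cap CPU seconds and address space in the child, never above the current hard limit.
    for res, cap in ((resource.RLIMIT_CPU, 2), (resource.RLIMIT_AS, 512 << 20)):
        hard = resource.getrlimit(res)[1]
        if hard != resource.RLIM_INFINITY:
            cap = min(cap, hard)
        resource.setrlimit(res, (cap, cap))

def inspect_untrusted(data, timeout=5):
    """Gate on format, then parse in a limited child; return metadata or None."""
    if sniff_format(data) != "png":
        return None  # this sketch parses PNG only; every other input is rejected
    try:
        p = subprocess.run([sys.executable, "-I", "-c", CHILD], input=data,
                           capture_output=True, timeout=timeout, preexec_fn=_limits)
    except subprocess.TimeoutExpired:
        return None
    if p.returncode != 0:
        return None  # child crashed or refused the file; the parent is unaffected
    meta = json.loads(p.stdout)
    return meta if set(meta) == {"width", "height"} else None

# Constructed sample: PNG signature plus the start of an IHDR chunk for a 2x3 image.
SAMPLE = MAGIC["png"] + struct.pack(">I4sII", 13, b"IHDR", 2, 3) + b"\x08\x02\x00\x00\x00"
```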

The feature is also analogous to a feature in Apple’s iMessage called BlastDoor that the tech giant incorporated in iOS 14 as a means to counter zero-click attacks via its messaging app.

Apple, last year, also introduced an “extreme, optional protection” setting dubbed Lockdown Mode that hardens iPhones and iPads against “extremely rare and highly sophisticated cyber attacks.”

Source: thehackernews.com/