Zero-click iMessage zeroday used to hack the iPhones of 36 journalists

One reason these so-called zero-click attacks are effective is that they have a much higher chance of success, since they can strike targets even when victims have considerable training in preventing such attacks.Another key benefit of zero-click exploits is that they’re much harder for researchers to track afterward.“The current trend towards zero-click infection vectors and more sophisticated anti-forensic capabilities is part of a broader industry-wide shift towards more sophisticated, less detectable means of surveillance,” Citizen Lab researchers Bill Marczak, John Scott-Railton, Noura Al-Jizawi, Siena Anstis, and Ron Deibert wrote. “Although this is a predictable technological evolution, it increases the technological challenges facing both network administrators and investigators.”Elsewhere in the report, the authors wrote:More recently, NSO Group is shifting towards zero-click exploits and network-based attacks that allow its government clients to break into phones without any interaction from the target, and without leaving any visible traces. However, when we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our investigation procedure in order to review the allegations.Unlike Citizen Lab, which only has ‘medium confidence’ in their own work, we KNOW our technology has saved the lives of innocent people around the world.We question whether Citizen Lab understands that by pursuing this agenda, they are providing irresponsible corporate actors as well as terrorists, pedophiles, and drug cartel bosses with a playbook for how to avoid law enforcement.NSO, meanwhile, will continue to work tirelessly to make the world a safer place.As noted earlier, zero-click zerodays are difficult if not impossible to prevent even by users with extensive security training.