These attacks exploit mobile communication network vulnerabilities and use clever methods to get into phones without alerting the user, writes Philip Ingram MBE.

Cybersecurity threats have evolved way beyond traditional hacking methods.

According to Sophos, the Cybersecurity company, the FBI warned that cybercriminals have registered more than 10, 000 domains, to launch SMS-based attacks on unsuspecting citizens recently.   

SMS threats barely scratch the surface. A more dangerous threat called Zero Click attacks can now compromise your phone without you doing anything at all.

These sophisticated attacks take control of your camera, record your calls and access your messages – leaving no trace behind.

The numbers are frightening, again according to Sophos, “a single vulnerability gave hackers potential control over nearly a billion Android devices through a simple multimedia message.”   

Zero Click attacks are exactly what they say on the tin, so to speak, they are a new breed of mobile threats that work without leaving visible traces. These attacks exploit mobile communication network vulnerabilities and use clever methods to get into phones without alerting the user.   

A new approach 

According to messagecentral.com, “Attackers start by sending specially crafted binary code messages through carrier networks. While these messages usually serve promotional purposes, bad actors have discovered ways to use them to collect sensitive data such as location tracking through base station updates, IMEI number collection and call interception capabilities.  

These attacks become dangerous because they work without triggering notifications. Your device confirms delivery of a silent SMS, but nothing appears on your screen.

The attacks target network infrastructure instead of specific phone models, so they can affect any mobile device on a vulnerable network.  

These new attacks are different from regular cyber-attacks that typically need user interaction, but silent attacks can compromise devices through various “zero-click” methods. These attacks stand out from typical hacks in several ways:  

They bypass regular security measures by exploiting flaws in default phone applications. To name just one example in The Guardian newspaper, a recent WhatsApp vulnerability let attackers install spyware through missed calls – targets didn’t even need to answer. 

Modern silent attacks often use “zero-day” vulnerabilities – security flaws phone manufacturers don’t know about.

Once installed, these attacks can turn your phone into a 24-hour surveillance device, extract any file or information and work only in temporary memory, leaving minimal traces.  

Silent attacks 

Silent attacks differ from typical hacks because they stay hidden and don’t need user engagement.

Regular malware might show infection signs, but silent attacks can run forever without affecting device performance.  

Haseeb Awan writing for Efani.com said, “Since these attacks target basic network protocols instead of individual devices, regular security measures often can’t detect them.”  

The University of Florida identified that, “These attacks keep getting more sophisticated. New developments include electromagnetic signal manipulation, where attackers can control touchscreens remotely through antenna arrays. The range limits and specific conditions needed show how silent phone threats continue to evolve.” 

Apps create another way for attackers to get in. Security experts at Darkreading.com found “a serious flaw in Apple Shortcuts that let attackers bypass security and steal data without asking for permission.” Apple and the App Store have been held up as the gold standard for security however, Cybernews researchers analysed 156,080 randomly selected iOS apps, about 8% of the apps present in the App store and found a different story. “71% of them leak sensitive data, including API keys, cloud storage credentials, and financial information.”  

Whether apps are from Apple or Android or other app stores, there are common features that make your device more vulnerable.

Malicious apps often ask for too many permissions, so regular permission checks are vital. Android users should head to Settings > Apps > Permissions to see what each app can access.  

Not only can cyberattackers exploit your mobile devices using zero click spyware and leaky apps but can exploit your device as it connects to the mobile network.   

Immediate action is needed 

Attack methods keep getting more advanced. New discoveries show that vulnerabilities in iMessage and WhatsApp let attackers create backdoors into hundreds of millions of devices. 

Silent phone attacks are a serious threat that just needs immediate action.

These sophisticated attacks keep evolving, which makes traditional security measures nowhere near as effective against modern exploitation techniques.  

Regular security checks are now essential.

You should look for unusual battery drain patterns, unexpected app behaviours and suspicious network activities.

Simple security practises like keeping software updated, avoiding questionable apps, and using secure networks will substantially reduce your risk exposure.  

Prevention works better than recovery.

Security breaches often cause irreversible damage, yet many attacks succeed through simple security oversights.

Taking proactive steps today – reviewing app permissions, monitoring network activity, and implementing strong authentication – provides significant protection against these invisible threats.  

Mobile security threats might seem overwhelming. Understanding their nature and implementing proper safeguards helps protect your digital life.

Start with the protective measures outlined in this piece, stay informed about emerging threats, and update your security practises to match evolving attack methods.  

Just think how much we process on our mobile devices now and how critical they are to controlling our security networks. They are an extension of the person and Bruce Schneier, Cryptographer and computer security professional sums the vulnerability up well when he says, “Amateurs hack systems, and professionals hack people.”  

This article was originally published in the April 2025 Edition of Security Journal UK. To read your FREE digital edition, click here.