ELI5: How are zero-click exploits even possible?

Like if nobody “asks” a piece of software to execute, how does it get downloaded to my phone or PC and then execute itself? I can understand attacks, e.g. where you download a JPEG and then click to open it and the JPEG had some extra malicious code in it, etc., but without anybody “authorizing” anything, how does the kernel allow the code to be run by the CPU, etc.?

**EDIT** I am talking about forced entry zero-click software like the one Pegasus created for iPhones.

20 Answers

Anonymous 0 Comments

The very simple explanation is that your computer already does a ton of things automatically. So it’s just a matter of figuring out how to insert something malicious into something that’s already running.

For example, imagine if a hacker found a way to push a malicious “update” to your computer by exploiting a bug (vulnerability) in the Windows Update system. It would install the update automatically, and you’d be none the wiser. This would be the mother of all zero days though, because Windows Update can touch every part of your system, even the BIOS in some cases.

For another example, you already mentioned opening up a malicious JPEG. But if you embed that JPEG on a web page, you can get a person’s web browser to download and open it automatically when they visit the page, because that’s actually how it’s supposed to work. Even more dangerous is if you can slip that JPEG into a sidebar ad and have it served up on hundreds of different pages all over the internet. Fortunately, reputable ad agencies screen ads for that sort of thing before they put them up.
