> Recently, however, it has been documented that NSO is offering their clients zero-click exploitation technology, where even very technically savvy targets who might not click a phishing link are completely unaware they are being targeted. In the zero-click scenario no user interaction is required. Meaning, the attacker doesn't need to send phishing messages; the exploit just works silently in the background. Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it's a weapon against which there is no defense.
Having iMessage disabled and no SIM card in the phone (use an external wifi vpn router with a sim) is a mitigation, and is one that I use.
They are discussing a descriptive class of attacks and saying there is no defense against them. Clearly there are defenses; it's a bit sensationalistic.
Having iMessage disabled and no SIM card in the phone (use an external wifi vpn router with a sim) is a mitigation, and is one that I use.