Phones Hacked Without Clicking

Paul Asadoorian
Jun 10, 2026

Why It Matters

Zero‑click spyware like Pegasus can silently compromise any smartphone, exposing sensitive corporate and personal data, which forces firms to reassess mobile security and demand stricter oversight of surveillance technology sales.

Key Takeaways

  • NSO Group's Pegasus spyware exploited a zero‑click vulnerability in WhatsApp.
  • Zero‑click attacks require no user interaction, making detection difficult.
  • Pegasus licenses sell for $3‑$30 million per government client.
  • Exploits can access messages, calls, camera, microphone, and location.
  • Bug bounty programs pay far less than market price for such flaws.

Summary

The video highlights a fresh incident where Israel’s NSO Group used its Pegasus spyware to infiltrate WhatsApp without any user interaction. The discussion frames the episode as part of a broader pattern of state‑sponsored cyber‑espionage targeting high‑value mobile devices.

Pegasus is sold to governments for roughly $3 million to $30 million per contract, and its zero‑click capability means a phone can be compromised simply by receiving a message, bypassing links or attachments. Once installed, the tool can read texts, intercept calls, activate the camera and microphone, and track the device’s location, effectively turning the phone into a full‑suite surveillance platform.

The presenter notes that a zero‑click iPhone exploit can command a minimum price of $1 million on the black market, yet the same vulnerability might fetch only a few thousand dollars through official bug‑bounty programs. He also references a “great book” on Pegasus, underscoring the growing public awareness of these threats.

For businesses and consumers, the episode underscores the escalating risk of undetectable mobile espionage and the widening gap between market prices for zero‑click exploits and the incentives offered by legitimate security programs. It calls for stronger device hardening, more aggressive vulnerability disclosure policies, and heightened scrutiny of government‑sponsored surveillance tools.

Original Description

NSO Group’s Pegasus spyware is once again tied to attacks involving WhatsApp. Pegasus uses zero-click exploits, meaning targets do not need to click a link or open an attachment for compromise to occur.
A successful zero-click exploit against modern smartphones can provide near-total device access, including messages, calls, microphones, cameras, and location tracking. Because these vulnerabilities are so powerful and rare, private exploit markets may value them far higher than traditional bug bounty programs, creating strong financial incentives to keep them secret.
Can defensive security models realistically keep pace when offensive mobile exploits are worth millions of dollars?