Israel’s NSO Group might prefer to work in the shadows, but the technology firm keeps making headline news. Earlier this week, a bombshell report from Amnesty International revealed that NSO Group’s Pegasus spyware has been used by authoritarian governments to hack into the phones of thousands of journalists and human rights activists.
Whether or not you’re a journalist or an activist, this is still a terrifying prospect. Thankfully, there’s a way to check if the Pegasus spyware has compromised your device. Amnesty International released a free Mobile Verification Toolkit (MVT) alongside its report which “is a modular tool that simplifies the process of acquiring and analysing data from Android devices, and the analysis of records from iOS backups and filesystem dumps, specifically to identify potential traces of compromise.”
The good news is that this tool exists. The bad news is that it’s relatively complicated to operate. As noted by TechCrunch, you’ll need to use the command line, so brush up on your terminal skills. If you own an iPhone, the first step is to decide whether or not you want to jailbreak it. This isn’t necessary, but it’s the only way to get a full filesystem dump.
How to check for Pegasus spyware on your iPhone
Chances are that you don’t want to jailbreak your iPhone in 2021, so instead, make a backup. Next, you need to load the MVT up with Amnesty’s IOCs (indicators of compromise) related to the Pegasus spyware. You can find them on this Github page. Once the process begins, the MVT scans your backup file for signs of compromise. After a minute or two, the process ends and the tool will produce a folder with several files inside. If there is any evidence of spyware, the files will make this clear.
It’s also possible to use the tool with Android devices, but it’s not quite as reliable.
In all likelihood, neither Morocco nor the United Arab Emirates hacked into your iPhone. That said, it’s always better to be safe than sorry, so if you’ve got the time, it can’t hurt to check. This is also a crucial reminder that no smartphone platform is safe. While it’s true that Android has more instances of hacks and exploits, Apple’s iPhone and the iOS platform are not immune. Too many iPhone users have a false sense of security, and it could lead to big problems. Pegasus is just the latest in a long line of examples of malware that can impact Apple’s mobile devices.