Amnesty International is part of the group that helped break the news of head of state and journalists being targeted by NSO’s government-grade spyware; Pegasus has released a tool to check if the user’s phone is affected or not. Along with the tool, a great set of instructions help through the somewhat technical checking process. If users have to use the tool, they have to back up their phone with a separate computer and check on that backup.
The tool is terminal-based or command line, so it will take a patient to run or some technical skills. The analysis Amnesty seems to work best for iOS devices. Amnesty, in its documentation, says the analysis tool can run on Android phones, but backups are limited still; the tool can still check for potentially malicious APKs and SMS Messages.
Steps to check the iPhone –
- By making an encrypted backup, users can start either using Finder or iTunes on a PC or Mac.
- Then backup needs to be located, which Apple provides instruction.
- Linux users can follow Amnesty’s instructions on using the libimobiledevice command-line tool to create a backup.
- After the phone’s backup, download and install Amnesty’s mvt program, which Amnesty also provides instruction.
- If Mac is used to running the check 1st, install both Xcode, which can be downloaded from the App Store and Python3 before installing and running mvt. The quickest way to obtain Python3 is using a program called Homebrew which can be installed and run from the Terminal. After installing these, users will be able to run through Amnesty’s iOS instructions.
- If the users run into issues while trying to decrypt backup, copy the backup folder from that default location into a folder on the desktop and point them to it.
- When running the actual scan, users will want to point to an Indicators of Compromise file, which Amnesty provides in the form of a file called pegasus.stix2. For beginners, down the stix2 file to your Mac’s Downloads folder.
- Then when users get into the step where users are running the check-backup command, add it into the options section.
- Follow Amnesty’s instructions and use its commands because the tool might have an update.
- Only instructions for installing the tool on macOS and Linux systems are provided by Amnesty.
- After running mvt, users will see a list of warnings that either list suspicious files or behavior. The warning does not mean that the user’s phone is infected.
