The process involves some terminal work, but it’s relatively simple.
Amnesty International, part of the group that helped break the news of journalists and heads of state being targeted by NSO’s government-grade spyware, Pegasus, has released a tool to check if your phone has been affected. Alongside the tool is a great set of instructions, which should help you through the somewhat technical checking process. Using the tool involves backing up your phone to a separate computer and running a check on that backup. Read on if you’ve been eyeing your phone since the news and are looking for guidance on using Amnesty’s tool.
The first thing to note is that the tool is command line or terminal based, so it will either take some technical skill or a little patience to get it running. We try to cover everything you need to know to get up and running here, but there’s something you need to know before jumping in.
The second note is that the analysis Amnesty is doing works best for iOS devices. In its documentation, Amnesty says that the analysis its tool can run on Android phone backups is limited, but the tool can still check for potentially malicious SMS messages and APKs. Again, we recommend following its instructions.
To check your iPhone, the easiest way to start is by making an encrypted backup using either iTunes or Finder on a Mac or PC. You’ll then need to locate that backup, which Apple provides instructions for. Linux users can follow Amnesty’s instructions on how to use the libimobiledevice command line tool to create a backup.
After backing up your phone, you’ll need to download and install Amnesty’s mvt program, which Amnesty also gives instructions for.
If you’re using a Mac to run the check, you’ll first need to install both Xcode, which can be downloaded from the App Store, and Python3 before you can install and run mvt. The easiest way to get Python3 is using a program called Homebrew, which can be installed and run from the Terminal. After installing these, you’ll be ready to walk through Amnesty’s iOS instructions.
If you encounter problems while trying to decrypt your backup, you are not alone. The tool was giving me errors when I tried to point it at my backup, which was in the default folder. To resolve this, I copied the backup folder from that default location to a folder on my desktop and pointed mvt to it. My command looks like this:
(For illustrative purposes only. Please use commands from Amnesty’s instructions, as it is possible that the program has been updated.)
mvt-ios decrypt-backup -p password -d decrypt ~/Desktop/bkp/origin
When running the actual scan, you’ll want to point to an Indicators of Compromise file, which Amnesty offers as a file named pegasus.stix2. Those who are brand new to using Terminal may be confused about how to actually point to a file, but it’s relatively simple as long as you know where the file is. For beginners, I would recommend downloading the stix2 file to your Mac’s Downloads folder. Then, when you get to the step where you’re actually running the check-backup command, add --iocs ~/Downloads/pegasus.stix2 in the options section. For reference, my command looks like this. (Again, this is for illustrative purposes only. Trying to copy these commands and run them will result in an error):
mvt-ios check-backup -o logs --iocs ~/Downloads/pegasus.stix2 ~/Desktop/bkp/decrypt
(For reference, ~/ is more or less acting as a shortcut to your user folder, so you don’t need to add in something like /Users/mitchell.)
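What the indicator file passed with --iocs contributes to the scan, as an added example (not MVT’s code and not from the original article): a simplified matcher that pulls domain indicators out of a STIX2 bundle and compares them against browsing-history hosts. The bundle, domains and URLs are constructed placeholders, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed indicator patterns (placeholder domains, not real IOCs),
# wrapped in a STIX2 bundle shaped like an indicator file such as pegasus.stix2.
PATTERNS = [
    "[domain-name:value='bad-redirect.example']",
    "[domain-name:value='CDN.tracker.example']",
    "[file:name='implant.bin']",
]
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    *({"type": "indicator", "pattern_type": "stix", "pattern": p} for p in PATTERNS),
]})

# Constructed history; the first three mirror the benign redirects in the article.
SAMPLE_HISTORY = [
    "https://sheets.google.com/",
    "https://docs.google.com/spreadsheets/",
    "https://reut.rs/abc123",
    "http://x7.bad-redirect.example/lp?id=1",
    "https://notbad-redirect.example/",
]

DOMAIN_RE = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_iocs(bundle_text):
    """Return the set of domain indicators in a STIX2 bundle."""
    domains = set()
    for obj in json.loads(bundle_text).get("objects", []):
        match = DOMAIN_RE.fullmatch(obj.get("pattern", "").strip())
        if obj.get("type") == "indicator" and match:
            domains.add(match.group(1).lower().rstrip("."))
    return domains

def match_history(urls, ioc_domains):
    """Return (url, indicator) pairs whose host is an IOC or one of its subdomains."""
    hits = []
    for url in urls:
        host = (urlsplit(url).hostname or "").rstrip(".")
        for ioc in sorted(ioc_domains):
            # Match on label boundaries: "notbad-redirect.example" must not
            # be reported for the indicator "bad-redirect.example".
            if host == ioc or host.endswith("." + ioc):
                hits.append((url, ioc))
    return hits

if __name__ == "__main__":
    for url, ioc in match_history(SAMPLE_HISTORY, load_domain_iocs(SAMPLE_BUNDLE)):
        print(f"IOC match: {url} (indicator: {ioc})")
```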
Again, I recommend following Amnesty’s instructions and using its commands, as it is always possible that the tool has been updated. Security researcher @RayRedacted also has a great thread on Twitter going through some of the problems you may face while running the tool and how to deal with them.
As a final note, Amnesty only provides instructions for installing the tool on macOS and Linux systems. For those who want to run it on Windows, The Verge has confirmed that the tool can be used by installing and using Windows Subsystem for Linux (WSL) and following Amnesty’s Linux instructions. To use WSL, a Linux distro like Ubuntu needs to be downloaded and installed, which will take some time. However, it can be done while you are waiting for your phone to back up.
After running mvt, you’ll see a list of warnings that list either suspicious files or behavior. It’s worth noting that a warning doesn’t necessarily mean you’ve been infected. For me, some redirects that were completely above board showed up in the section where it checked my Safari history (sheets.google.com redirecting to docs.google.com, reut.rs redirecting to reuters.com, etc.). Similarly, I got some errors, but only because the program was checking for apps that I didn’t have installed on my phone.
The story surrounding Pegasus has left many of us regarding our phones with a little more skepticism than usual, regardless of whether we are likely to be targeted by a nation-state. While running the tool can (hopefully) help ease some fears, it is probably not a necessary precaution for many Americans. NSO Group has said that its software cannot be used on phones with US numbers, according to The Washington Post, and the investigation found no evidence that US phones were successfully breached by Pegasus.
While it’s nice to see Amnesty provide this tool with solid documentation, it only really helps address the privacy concerns surrounding Pegasus. As we’ve seen recently, the government doesn’t have to target your phone’s microphone and camera to get private information: the data broker industry can sell your location history, even if your phone is Pegasus-free.