Here’s how to check your phone for Pegasus spyware using Amnesty’s... https://www.theverge.com/2021/7/21/22587234/amnesty-international...

Here’s how to check your phone for Pegasus spyware using Amnesty’s tool
The process involves some terminal work, but it’s relatively
straightforward
By Mitchell Clark Jul 21, 2021, 5:45pm EDT

Illustration by Alex Castro / The Verge

Amnesty International — part of the group that helped break the news of journalists
and heads of state being targeted by NSO’s government-grade spyware, Pegasus
— has released a tool to check if your phone has been affected. Alongside the tool
is a great set of instructions, which should help you through the somewhat technical
checking process. Using the tool involves backing up your phone to a separate
computer and running a check on that backup. Read on if you’ve been side-eyeing
your phone since the news broke and are looking for guidance on using Amnesty’s
tool.

The first thing to note is the tool is command line or terminal based, so it will take
either some amount of technical skill or a bit of patience to run. We try to cover a lot
of what you need to know to get up and running here, but it’s something to know
before jumping in.

The second note is that the analysis Amnesty is running seems to work best for iOS
devices. In its documentation, Amnesty says the analysis its tool can run on
Android phone backups is limited, but the tool can still check for potentially
malicious SMS messages and APKs. Again, we recommend following its
instructions.

To check your iPhone, the easiest way to start is by making an encrypted backup
either using iTunes or Finder on a Mac or PC. You’ll then need to locate that
backup, which Apple provides instructions for. Linux users can follow Amnesty’s
instructions on how to use the libimobiledevice command line tool to create a
backup.

After getting a backup of your phone, you’ll then need to download and install
Amnesty’s mvt program, which Amnesty also provides instructions for.

If you’re using a Mac to run the check, you’ll first need to install both Xcode, which
can be downloaded from the App Store, and Python3 before you can install and run
mvt. The easiest way to obtain Python3 is using a program called Homebrew, which
can be installed and run from the Terminal. After installing these, you’ll be ready to
run through Amnesty’s iOS instructions.

YOU’LL WANT TO MAKE SURE YOUR IPHONE’S BACKUP IS ENCRYPTED WITH A PASSWORD
If you run into issues while trying to decrypt your backup, you’re not alone. The tool
was giving me errors when I tried to point it to my backup, which was in the default
folder. To solve this, I copied the backup folder from that default location into a
folder on my desktop and pointed mvt to it. My command ended up looking like this:

(For illustration purposes only. Please use commands from Amnesty’s
instructions, as it’s possible the program has been updated.)

mvt-ios decrypt-backup -p PASSWORD -d decrypt ~/Desktop/bkp/orig

When running the actual scan, you’ll want to point to an Indicators of Compromise
file, which Amnesty provides in the form of a file called pegasus.stix2. Those who
are brand-new to using the terminal may get tripped up on how to actually point to a
file, but it’s relatively simple as long as you know where the file is. For beginners, I’d
recommend downloading the stix2 file to your Mac’s Downloads folder. Then, when
you get to the step where you’re actually running the check-backup command, add

-i ~/Downloads/pegasus.stix2

into the option section. For reference, my command ended up looking like this.
(Again, this is for illustration purposes only. Trying to copy these commands and run
them will result in an error):

mvt-ios check-backup -o logs --iocs ~/Downloads/pegasus.stix2 ~/Desktop/bkp/decrypt

(For reference, the ~/ is more or less acting as a shortcut to your user folder, so you
don’t have to add in something like /Users/mitchell.)
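
To show what the Indicators of Compromise file contributes to the scan, the following added example (not from the original article and not mvt's own code) reads a STIX 2 bundle and checks browsing-history URLs against its domain indicators. The bundle, its placeholder domains, the URLs and the function names are constructed for illustration, and it assumes indicators written as `[domain-name:value='…']` patterns.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample in the STIX 2 bundle layout; the domains are placeholders,
# not real indicators from pegasus.stix2.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "malware", "name": "ExampleSpyware"},
        {"type": "indicator", "pattern": "[domain-name:value='bad-cdn.example']"},
        {"type": "indicator", "pattern": "[domain-name:value='tracker.invalid']"},
        {"type": "indicator", "pattern": "[file:name='implant.bin']"},
    ],
})

DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_iocs(stix_text):
    """Return the set of lowercase domains named by indicator objects."""
    bundle = json.loads(stix_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX 2 bundle")
    domains = set()
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue  # skip malware, relationship and other object types
        match = DOMAIN_PATTERN.fullmatch(obj.get("pattern", "").strip())
        if match:
            domains.add(match.group(1).lower().rstrip("."))
    return domains

def match_url(url, domains):
    """Return the IOC domain the URL's host equals or is a subdomain of, else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Compare whole labels (a.b.c, then b.c, then c) so that a lookalike such
    # as notbad-cdn.example does not match bad-cdn.example.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def scan_history(urls, stix_text=SAMPLE_BUNDLE):
    """Map each matching URL to the indicator domain it hit."""
    domains = load_domain_iocs(stix_text)
    matches = ((url, match_url(url, domains)) for url in urls)
    return {url: hit for url, hit in matches if hit}
```

Matching on whole host labels rather than substrings keeps ordinary sites whose names merely contain an indicator string out of the results.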

Again, I’d recommend following along with Amnesty’s instructions and using its
commands, as it’s always possible that the tool will have been updated. Security
researcher @RayRedacted on Twitter also has a great thread going through some
of the issues you may run into while running the tool and how to deal with them.

As a final note, Amnesty only provides instructions for installing the tool on macOS
and Linux systems. For those looking to run it on Windows, The Verge has
confirmed the tool can be used by installing and using Windows Subsystem for
Linux (WSL) and following Amnesty’s Linux instructions. Using WSL will require
downloading and installing a Linux distro, like Ubuntu, which will take some time. It
can, however, be done while you wait for your phone to back up.

After running mvt, you’ll see a list of warnings that list either suspicious files or
behavior. It’s worth noting that a warning doesn’t necessarily mean you’ve been
infected. For me, some redirects that were totally above board showed up in the
section where it checked my Safari history (sheets.google.com redirecting to
docs.google.com, reut.rs redirecting to reuters.com, etc). Likewise, I got a few
errors, but only because the program was checking for apps that I don’t have
installed on my phone.

The story around Pegasus has likely left many of us regarding our phones with a bit
more suspicion than usual, regardless of whether we’re likely to be targeted by a
nation-state. While running the tool could (hopefully) help to ease some fears, it’s
probably not a necessary precaution for many Americans. NSO Group has said its
software cannot be used on phones with US numbers, according to The
Washington Post, and the investigation didn’t find any evidence that US phones
had been successfully breached by Pegasus.

While it’s nice to see that Amnesty made this tool available with solid
documentation, it only really helps to address the privacy concerns around
Pegasus. As we’ve seen recently, it doesn’t take a government targeting your
phone’s microphone and camera to get private information — the data broker
industry could be selling your location history even if your phone is Pegasus-free.
