How to Check if Your iPhone Has Been Infected with Pegasus Spyware

BY Sanuj Bhatia

Published 20 Jul 2021

pegasus spyware iOS 14

Pegasus spyware has been making headlines for the past few days. The tool developed by Israeli private company NSO has been accused of collecting the personal data of thousands of journalists, human rights activists, and politicians. Though highly unlikely, Amnesty International has developed a tool that lets you check if your iPhone has been infected with the Pegasus spyware.

According to the reports that came out yesterday, Pegasus spyware made it inside the victims’ iPhones by the iMessage zero-click exploit, which was thought to be fixed. After these allegations, Apple’s head of security Ivan Krstić said that the exploit isn’t a threat “to the most.”

Though it is highly unlikely that the Pegasus spyware is installed on your iPhone, Amnesty International has developed a tool that lets you check your iPhone for the spyware.

The toolkit, known as Mobile Verification Toolkit, isn’t a piece of software that you can install on your iPhone and check for spyware. It works via the command-line tool on your laptop and requires your iPhone to be connected via the cable. TechCrunch was able to get the toolkit working on their iPhone (via the command-line tool).

“MVT will let you take an entire iPhone backup (or a full system dump if you jailbreak your phone) and feed in for any indicators of compromise (IOCs) known to be used by NSO to deliver Pegasus, such as domain names used in NSO’s infrastructure that might be sent by text message or email. If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without having to make a whole new copy.”

The toolkit works by checking the backup file of your iPhone. It feeds Amnesty’s IOCs into the iPhone backup file and checks if there are any traces of the spyware in it. Moreover, if your iPhone is jailbroken, you can dump the full filesystem onto the tool and it will provide better (and accurate) results.

There has been some misreporting about the toolkit. The tool is said to be working better on iPhone, which has led many people to think that iPhones are more vulnerable to the spyware as compared to the Android phones. However, this isn’t the case. The truth is that Amnesty focused its efforts on iPhones, and since iPhones provide a better (and secure) system as compared to Android, the toolkit makes it easier to detect when a phone has been compromised.

The toolkit works on Android as well, but it might not provide 100% accurate results.

[Via TechCrunch]