
How to find out if you’ve been pwnd by Pegasus


In case you’ve been hiding away a little too well and haven’t seen that there is, for the most part, government-controlled and sanctioned spyware called Pegasus going around, check this out. Go on, we’ll wait.

Now that you’re up to speed about Pegasus and the fact that your images, messages and conversations may have been compromised, we might have a bit of better news.

Introducing the Mobile Verification Toolkit

Security Lab, the technical wing of Amnesty International — who belong to the group that initially broke the news about Pegasus being used on the phones of journalists and heads of state — has released what it calls the Mobile Verification Toolkit.

This collection of tools allows you, the everyday person, to check if your phone has been compromised by Pegasus. We should warn you though that it can be a bit of a technical and lengthy process. Luckily, the group has released some pretty good instructions alongside the tool to guide you along the process.

The pwnd becomes the pwner

If you’re eager to see if your government thinks of you as a person of interest then we will again mention that the process is command-line or terminal-based. So if that sounds like new-age garbage then maybe grab a nearby millennial to help you.

If you’ve got an iPhone and macOS device then you’ve got the easier go of installing and running the tool. The analysis can be run on Android backups but it’s limited to checking for sus SMS messages and APKs. If you want to run the check on a Windows device then, while not impossible, it will require a lot more patience, but we’ll get to that.

Hunt the Pegasus

If you’re in the Apple crowd then create an encrypted backup of your iOS device using iTunes or Finder. Then you’ll need to find the backup. If you’re on a Mac, you’ll first have to download Xcode from the App Store. You’ll also need Python 3.6+, which you can get through a nifty tool called Homebrew which you’ll need to run from the terminal. Once you’ve done all that you’re ready to go through Amnesty’s iOS instructions.

We can’t state enough that if you’re interested in doing this yourself then head over to the instructions provided by Amnesty themselves as the toolkit may be updated at any point. Cybersecurity researcher @RayRedacted has a pretty well-documented thread running where he goes through some hiccups he’s faced if you get stuck.
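To help with the "find the backup" step, here is an added example (not part of Amnesty's toolkit or its instructions) that lists the iOS backups on a Mac and reports whether each one is encrypted. It assumes the default Finder/iTunes backup folder and the `IsEncrypted`, `Date` and `Lockdown` keys that backups store in `Manifest.plist`.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption: default macOS folder where Finder/iTunes stores iOS backups.
DEFAULT_BACKUP_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"


def describe_backup(backup_dir):
    """Read a backup's Manifest.plist and summarise it, or return None."""
    manifest = Path(backup_dir) / "Manifest.plist"
    if not manifest.is_file():
        return None  # not a backup folder, or an interrupted backup
    try:
        with manifest.open("rb") as fh:
            data = plistlib.load(fh)
    except (plistlib.InvalidFileException, ExpatError, OSError, ValueError):
        return None  # unreadable or damaged manifest
    if not isinstance(data, dict):
        return None
    lockdown = data.get("Lockdown", {})
    return {
        "path": str(backup_dir),
        "device": lockdown.get("DeviceName", "unknown"),
        "ios": lockdown.get("ProductVersion", "unknown"),
        "date": data.get("Date"),
        "encrypted": bool(data.get("IsEncrypted", False)),
    }


def find_backups(root=DEFAULT_BACKUP_ROOT):
    """Return one summary per readable backup under root, newest first."""
    root = Path(root)
    if not root.is_dir():
        return []
    found = [describe_backup(d) for d in sorted(root.iterdir()) if d.is_dir()]
    found = [b for b in found if b]
    return sorted(found, key=lambda b: str(b["date"] or ""), reverse=True)


if __name__ == "__main__":
    for b in find_backups():
        state = "encrypted" if b["encrypted"] else "NOT encrypted, redo the backup"
        print(f'{b["device"]} (iOS {b["ios"]}) {b["date"]}: {state}')
        print(f'  {b["path"]}')
```

The path printed for the newest encrypted backup is the folder you point the toolkit at when you follow Amnesty's iOS instructions.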

Windows gets the short end, for now

If you’re wanting to run the check on a Windows device then there are a few extra steps you’ll need to take. First, you’ll need to install the Windows Subsystem for Linux, then you’ll need to download and install a Linux distribution of your choice, like Ubuntu. Then you can go ahead and follow the Linux steps here.

It needs to be said that while you’re attempting to run this check, or really whenever you need to download anything, make sure it’s from reputable sources. So stick to the links contained in this article or go directly to the site yourself.

It also needs to be clear what the aim of this toolkit is so that there isn’t any confusion or disappointment. As the official website says, “Mobile Verification Toolkit (MVT) is a tool to facilitate the consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise.”

Source: The Verge
