This week one of the biggest spy scandals in recent years has been uncovered. The Israeli company NSO Group has a powerful system to breach the security of mobile devices (iPhone and Android) and thus access personal data, chats of messaging services, as well as activate cameras, microphones and geolocation functions. This spyware, known as Pegasus, would have been used to spy on a large number of journalists, businessmen, activists and politicians, including French President Emmanuel Macron and 13 other heads of state.
According to the company, Pegasus was developed to aid in lawful investigations into terrorism or crime. NSO Group insists that it only sells this software to duly verified government entities and that it refuses to distribute it to clients whose actions go against Human Rights. However, an international media consortium has published a list of some 50,000 tracking targets. That is, it would have been used beyond its limits.
The existence of this type of tool is alarming in itself. Pegasus has the ability to compromise any iPhone and Android device with ease. Victims don’t even have to click on a link to “fall for it.” Software takes advantage of operating system vulnerabilities to achieve its mission. According to recent research, up to iOS 14.6 is vulnerable.
Pegasus cannot be invisible to MVT
Against this background it is not surprising that many people doubt the integrity of their phone. Luckily, there is a tool capable of verifying if a mobile device has been infected by Pegasus. The same, known as MVT, requires a few steps and basic knowledge to use a command terminal. The software cannot scan the device directly, so it is necessary to perform a full system backup on the computer before starting the process, that is, MVT will verify the iOS or Android backup.
The tool is available on the developer’s page at GitHub. Since a wide range of commands must be used and these change according to the terminal (iOS or Android) and operating system of the computer, it is recommended consult the kit guide mobile verification to carry out the procedure. Also, review the methodology report created by Amnesty International to detect threats and rule out false positives.
Basically, the process to verify if the device is infected with Pegasus includes the following steps:
- Decrypt the backups.
- Process and analyze the records of the system databases of applications.
- Extract installed applications.
- Compare extracted logs for threats.