Scanning your iPhone for Pegasus, NSO Group's malware

submitted by
Style Pass
2021-07-26 16:30:03

In collaboration with more than a dozen other news organizations, The Guardian recently published an exposé about Pegasus, a toolkit for infecting mobile phones that is sold to governments around the world by NSO Group. It’s used to target political leaders and their families, human rights activists, political dissidents, journalists, and so on, and to surreptitiously download their messages, photos, and location data, record their microphone, and otherwise spy on them. As part of the investigation, Amnesty International published a blog post with their forensic analysis of several compromised phones and released an open source tool, Mobile Verification Toolkit (MVT), for scanning your mobile device for the indicators of compromise described in that analysis. MVT supports both iOS and Android, and in this blog post we’ll install and run the scanner against my iOS device.

For iPhones, MVT can run against either a device backup or a full filesystem dump (which is only available from jailbroken devices). The backup method has access to less forensic data than the filesystem dump, but has the benefit that you don’t need to jailbreak your device. MVT conveniently documents which forensic artifacts are available with each method - the following artifacts are not available when using the backup method:
