Detecting Pegasus Spyware with iMazing
Apple mobile devices and the iPhone in particular are generally regarded as highly secure consumer-grade computing devices. Apple's commitment to security is very real, and that commitment is made evident by the very design of iOS as well as by a steady flow of new features aiming at enhancing user privacy and security. Yet, in July 2021, The Pegasus Project revealed widespread use of military-grade spyware by repressive governments targeting both Android and Apple phones.
These revelations highlight anti-democratic use of advanced surveillance technology which goes far beyond the scope of legitimate criminal or terrorism investigations. Particularly disheartening is the fact that no iPhone is safe – even the latest and fully updated devices were targeted, and successful infections have taken place without any user interaction ('zero-click' attacks). In some cases, all it took was to receive a malicious message, which could then be deleted by the attacker before the user ever became aware of the attack.
In order to prove widespread and overreaching use of surveillance, The Pegasus Project needed to perform digital forensics on the devices of multiple targeted politicians, activists, journalists and lawyers. In that context, Amnesty International's Security Lab developed generic mobile spyware detection methodology and compiled a list of IOCs (Indicators of Compromise) related to Pegasus infection. From Amnesty International's Pegasus Forensic Methodology Report:
/cdn.vox-cdn.com/uploads/chorus_asset/file/25249728/246961_Costa_Rica_Renewables_3_IVargas.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25414869/IMG_0523.jpg)
