What makes this software worse is that it can be used for remote and stealth monitoring, without the victim even realising that they are being watched. The NSO Group’s website notes that the spyware can extract data remotely via untraceable commands. The Pegasus spyware could essentially make it unnecessary to have physical access to a device to spy on victims.
For instance, iPhones, which are usually touted for being secure, reportedly have a gaping security issue in iMessage that allows remote access and duplication of data.
Amnesty International has developed the Mobile Verification Toolkit (MVT), a tool that helps users identify whether their phone has been hacked by Pegasus spyware. It works with both Android and iOS devices, although Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones.
MVT requires at least Python 3.6 to run on the system. macOS users need to have Xcode and Homebrew installed as well. If you want to view forensic traces on an Android device, you'll also need to install certain dependencies.
Users have to back up their data so that MVT can decrypt all files stored locally on their phones and look for evidence of Pegasus. However, in the case of a jailbroken iPhone, a full file system dump can also be used for analysis.
Once a backup is created, MVT uses indicators such as domain names and binaries to look for traces related to NSO's Pegasus. If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without having to make a whole new copy.
The code for the tool is also open source and is available on GitHub along with detailed documentation.
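A simplified illustration of the indicator matching described above, as an added example that is not MVT's own code: the indicator values and records are constructed placeholders, and the function names are hypothetical. It matches on whole domain labels, so a lookalike hostname that merely contains an indicator string is not flagged.

```python
from urllib.parse import urlsplit

# Constructed indicators (placeholders, not real Pegasus indicators).
DOMAIN_IOCS = {"malicious-infra.example", "cdn.tracker.example"}
PROCESS_IOCS = {"fakedaemond"}

# Constructed records standing in for data extracted from a phone backup.
RECORDS = [
    {"source": "browser_history", "url": "https://news.site.example/article"},
    {"source": "browser_history", "url": "https://x9.malicious-infra.example:30495/a?b=1"},
    {"source": "browser_history", "url": "https://notmalicious-infra.example/"},
    {"source": "sms", "url": "http://CDN.Tracker.Example./landing"},
    {"source": "process_log", "process": "fakedaemond"},
    {"source": "process_log", "process": "mediaserverd"},
]


def host_of(url):
    """Extract a normalised hostname: lower-case, no port, no trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def domain_matches(host, indicators):
    """Return the indicator that host equals or is a subdomain of, else None."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan(records, domain_iocs=DOMAIN_IOCS, process_iocs=PROCESS_IOCS):
    """Return (record index, source, indicator type, indicator) per detection."""
    detections = []
    for idx, rec in enumerate(records):
        if "url" in rec:
            hit = domain_matches(host_of(rec["url"]), domain_iocs)
            if hit:
                detections.append((idx, rec["source"], "domain", hit))
        if rec.get("process") in process_iocs:
            detections.append((idx, rec["source"], "process", rec["process"]))
    return detections


if __name__ == "__main__":
    for detection in scan(RECORDS):
        print(detection)
```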
Pegasus has been termed the most sophisticated hacking software available today for intruding into phones. The NSO Group has, time and again, claimed that it does not hold responsibility in case of misuse of the Pegasus software. The group claims that it only sells the tool to vetted governments and not individuals or any other entities.