Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security Cellphones Government

Is Your Phone Infected With Pegasus? (fossbytes.com) 75

Fossbytes has an article detailing how you can check to see if your mobile device is infected with the "Pegasus" spyware. What's Pegasus you ask? It's phone-penetrating spy software developed by NSO Group and sold to governments to target journalists and activists around the world. The CEO of NSO Group says law-abiding citizens have "nothing to be afraid of," but that doesn't help us sleep any better. Here's how to check if your device has been compromised (heads up: it's a bit of a technical and lengthy process): First off, you'll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you'll have to install libimobiledevice beforehand for that. Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system -- if you don't have it already. Here's how you can install the same for Windows, macOS, and Linux. After that, go through Amnesty's manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line. Now, let's go through the steps for detecting Pegasus on an iPhone backup using MVT.

First of all, you have to decrypt your data backup. To do that, you'll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path: "mvt-ios decrypt-backup -p password -d /decrypted /backup". Note: Replace "/decrypted" with the directory where you want to store the decrypted backup and "/backup" with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder. To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path: "mvt-ios check-backup -o /output -i /pegasus.stix2 /backup". Note: Replace "/output" with the directory where you want to store the scan result, "/backup" with the path where your decrypted backup is stored, and "/pegasus.stix2" with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix "_detected," then that means your iPhone data is most likely Pegasus-infected. However, the IOCs are regularly updated by Amnesty's team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.

This discussion has been archived. No new comments can be posted.

Is Your Phone Infected With Pegasus?

Comments Filter:
  • by WaffleMonster ( 969671 ) on Monday July 26, 2021 @09:12PM (#61623761)

    It will be after following these instructions.

    • by fahrbot-bot ( 874524 ) on Monday July 26, 2021 @10:48PM (#61623891)

      It will be after following these instructions.

      It may be simpler to just get a new phone ... :-)

      • by Rick Schumann ( 4662797 ) on Tuesday July 27, 2021 @02:03AM (#61624201) Journal
        The way things are going, your new phone out of the box will have this sort of spyware pre-installed. :-(
        • by shanen ( 462549 )

          Nice FP branch. Sadly insightful and funny, too.

          Amateurs can't win against experts. Even if the original source was reliable (in spite of the challenge from the FP), the experts have almost surely had time to patch Pegasus to negate the instructions.

          I think the best general solution approach is to stop putting so many eggs in so few baskets. But it's a fading story, time is limited, and interest is even more limited, so.

          • I haven't owned a smartphone all this time, and with every revelation like this one I have one more reason to not ever get one. It's bad enough that the cheap plastic clamshell dumbphone I did get for free runs Android, but it doesn't have any internet browsing capability and it's off 95% of the time anyway, best I can do other than ditching cell service entirely and going back to a landline.
            • by shanen ( 462549 )

              If Android is the OS, then it doesn't seem clear that you are safe. Though your phone may lack some (or most) of the capabilities that Pegasus wants to exploit.

              • ..yeah, I know. :-( That's one of the reasons it's off the vast majority of the time. Just because *I* don't have internet access on it, doesn't mean that it doesn't have an IP address, and therefore could have vulnerablilities that could be exploited, just by being turned on and connected to the network. :-( They could for all I know exploit whatever software update mechanism is in place.
                • by shanen ( 462549 )

                  Just the ACK, but under weird coincidences, I just finished a book published by Pegasus. No relation, but the name sure stuck me in the eye...

  • "Nothing to fear". (Score:5, Insightful)

    by sg_oneill ( 159032 ) on Monday July 26, 2021 @09:16PM (#61623771)

    It still galls me that CEO of NSO Group used the old "If you've done nothing wrong you've got nothing to fear", which if you follow the implications regarding to who it was actually sold to means "criticizing your government is wrong".

    No wonder the internet turned from the anarchic dream of freedom in the ninteys into the authoritarian sewer its become today.

    • by sconeu ( 64226 )

      We were all so idealistic, dammit. And look at things now.

    • by Venik ( 915777 )
      Heâ(TM)s is Israel. Thatâ(TM)s how things are there.
    • by Rosco P. Coltrane ( 209368 ) on Tuesday July 27, 2021 @01:08AM (#61624137)

      It still galls me that CEO of NSO Group used the old "If you've done nothing wrong you've got nothing to fear", which if you follow the implications regarding to who it was actually sold to means "criticizing your government is wrong".

      What's really galling is: who are they to claim the right to decide who's right and wrong? Are they a court of law?

      • They have a bigger stick than you.

      • They don't really decide that in detail. They just sell it to a lot of governments, ask them to please not do evil things with it, and then these governments can decide which journalist or whatever did something wrong enough to have them murdered...
    • by Opportunist ( 166417 ) on Tuesday July 27, 2021 @04:08AM (#61624403)

      It kinda amuses me, to be honest, especially considering where that company is located. He may want to ask his father or grandfather who might remember a time when being a honest, upstanding citizen was not enough to not be persecuted for crimes that are none.

      At least if he's from central Europe.

    • by fazig ( 2909523 ) on Tuesday July 27, 2021 @04:11AM (#61624411)
      The (more) complete statement sounds even fishier if you ask me.

      The people that are not criminals, not the Bin Ladens of the world -- there's nothing to be afraid of. They can absolutely trust on the security and privacy of their Google and Apple devices.

      Source: https://www.forbes.com/sites/t... [forbes.com]

    • No we just got old, where what was once new and exciting, and now different and scary.

      Oh how we in the 1990's in our teens and 20s laughed at those 40-50 something mainframe guys. With their steadfast dislike of TCP/IP Protocol, and preferred the simplicity and reliability of just a set of Serial Cables going across the building. Your Login and Password was good enough to stop any unauthorized access, and if you wanted remote access, just plug one of those serial cables to a Modem and give the person that

      • The kids of today are advised to get a PhD in how to parse and optimize the monthly Azure invoice.

        --
        .nosig

    • by Tom ( 822 )

      It still galls me that CEO of NSO Group used the old "If you've done nothing wrong you've got nothing to fear",

      As long as he puts his money where his mouth is - so where, exactly, has he posted all his private conversations, pictures, e-mails and other data online for everyone to see?

      After all, if he has done nothing wrong, he's got nothing to fear, right?

      • by gweihir ( 88907 )

        Naa, that would be doing what he preaches. Cannot have that. Assholes like this one want limitations like always only for others.

  • if you don't have a phone.

    • by suss ( 158993 )

      Don't worry, it's one of the payloads in the nanobot delivery system known as the pfizer corona vaccine, you won't even need a phone. Gives a new meaning to the term "buttdialing".

      • I certainly hope you are joking because if we had that level of technology then we wouldn't be bothered to do something so pointless.

    • by fazig ( 2909523 )
      Unfortunately, if you don't have a phone these days, you're already abnormal enough to be a suspect worthy to take a closer look at for those who'd like to put everyone under surveillance.

      I suppose if you could manage to go completely off all the grids, it could work, but that's nearly impossible in our day and age. So hiding in plain sight methods could be more effective.
  • Nope. Don't have one.
  • by westlake ( 615356 ) on Monday July 26, 2021 @10:29PM (#61623865)
    It would take me the better of a day to get through all this, even Iif I was confident I was getting everything right -- and that assuming I had only a single phone to secure.
    • by DarkOx ( 621550 )

      Don't forget that obtaining all the dependancies and having access to machine to run this stuff on are not at all a given for many of the potential victims.

      Traveling reporters, dissidents, etc might not have any reliable internet access besides their mobile device. Downloading 100s of megs of dependancies, python platform stuff, and mobile interface libraries might be a non-starter or even serve to red flag them or help locate / target them more easily. They might not have a desktop or laptop that is itself

  • Seriously, if whatever nefarious sources it is spreading Pegasus, want to infect my phone, have at it.

    You'll get some amazing content of me and the wife chatting about the cat. Later, possibly some video of me watering the plants.
    The absolute gold mine, will be me on a Zoom meeting discussing the latest sprint of work for the e-commerce infrastructure my team looks after. Exciting stuff, like CI/CD, GQL and where we should place the "Add to Cart" button.
    There may even be footage and recording of a walk to t

  • by thesjaakspoiler ( 4782965 ) on Monday July 26, 2021 @11:58PM (#61624013)

    Or better, why doesn't do Apple do this for me?

  • This procedure was written to work for niche devices only. And by that I mean devices I don't own.

  • then if you have a US phone and you have never traveled outside of the US, then you cannot be infected.
  • by SeriousTube ( 2575581 ) on Tuesday July 27, 2021 @02:13AM (#61624227)
    The slashdot text says it's about checking your mobile device, but actually the linked article is just for iphones, not android.
    • by jools33 ( 252092 ) on Tuesday July 27, 2021 @04:21AM (#61624435)

      The reason given in the article is that pegasus on Android can in the worst case scan SMS's or APKs, so its reasonably harmless on Android. So it seems that this is a novel case where Apple security is more exposed than Android (must be close to a first...).

      • pegasus on Android can in the worst case scan SMS's or APKs

        No, the MVT toolkit for Android can only scan SMS messages and APKs (manual [readthedocs.io]: "The Android backup feature does not allow to gather much information that can be interesting for a forensic analysis..."), so it's less effective at detecting Pegasus. This does not mean that Pegasus itself is "reasonably harmless on Android". It's just better at hiding.

        Though this does imply that the iOS encrypted backups leak more information about the state of the device... win some, lose some. In this case the extra data is he

    • Re: (Score:3, Informative)

      by iamagloworm ( 816661 )
      The android instructions are here: https://mvt.readthedocs.io/en/... [readthedocs.io]
  • This is only for iPhones. Lol@the current apple ad campaign around "privacy"
  • As I prefer a basic phone (I have a tablet for the "smart" stuff), my phone can't be infected with Pegasus. Not that the FBI couldn't still track me - GPS is required even on basic phones so that if you're lost and dial 911 they can find you. But installing malware? Can't be done.

    No idea if Pegasus can be installed to a wifi-only tablet, but you asked about my phone.
  • Since when did "mobile device" mean "iPhone"? No mention of Android at all.
    • Apple customers live in their own little walled garden, and in that garden the only things that exist are things that Apple wants you to know about. It's part of their (income) security plan...
    • > No mention of Android at all.

      They prefer not to acknowledge the Deplorables' phones. People who can only afford $49 phones from Walmart aren't members of their distributed country club.

  • Personally I assume my phone is already hacked so anything important should be limited to mobile banking where I have some legal protections against fraud.

    Do I have spyware on my phone? I don't know, let me ask my Facebook contacts.

  • No (Score:5, Interesting)

    by quonset ( 4839537 ) on Tuesday July 27, 2021 @05:27AM (#61624567)

    You know how I know my phone doesn't have Pegasus? Because it has no "apps". It's a phone of the smartest kind. It does one thing and it does it well. It makes and receives phone calls.

    Yes, I have a calculator and calendar on it, but they're pre-installed and non-upgradable.

    This scenario is just like Battlestar Galactica. Not having the newest and shiniest is what protects me.

  • For those who tl;dr tfa, lmsyst:

    Step 1: Open your wallet
    Step 2: Examine all of your credentials, licenses, etc

    If none of those credentials/licenses identify you as the holder of a government security clearance, your phone is not infected with Pegasus.

    Otherwise, you can go through the steps outlined in TFA.

    • by pjt33 ( 739471 )

      Unless, of course, you're a journalist, an opposition politician, a relative of someone of interest, ...

      • Unless, of course, you're a journalist, an opposition politician, a relative of someone of interest, ...

        Or an ex-girlfriend/boyfriend of someone who is stalking you.

  • Article only talks about how to find out if you're infected and does not mention how the spyware got there in the first place.
  • I understand that the author knew only Python but there are ways to create an executable from python code. I do not think there will be a rush as long as it takes more than 2 steps to get the result.
  • ...a flying horse in my phone.

  • Android may need a malware scanning utility similar to Windows Defender.

  • by Ultimer ( 8105522 )
    Good afternoon! I can say that most likely my phone is charged with this because there are a lot of different applications that can track my actions. In addition to all sorts of messengers, I still have games, and plus the most important thing is an application from the Ajax company https://ajax.systems/ [ajax.systems] that installs a security system. With this application, I monitor the security of my home. And probably this application also somehow monitors me, but I don't care because my security is more important to m

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...