How to Detect Pegasus Spyware on iPhone
Tips • Aug. 8, 2021
One piece of spyware that is getting a lot of media coverage and has infected a lot of devices is Pegasus. It has been known to affect devices ranging from iPhones to Android phones. A report from Amnesty International revealed that a lot of iOS and Android devices were already infected with the spyware, and if you want to read the complete article from Amnesty, you can click on the link here. Don’t worry, it’s safe to browse the link, and you won’t be compromising your device’s security. However, we still recommend that you check your device to see if it has been infected with Pegasus, and that you follow this guide thoroughly to get an in-depth understanding of how to detect and remove the Pegasus spyware from your iPhone.
What is Pegasus?
A cybersecurity organization from Israel developed the Pegasus spyware. Like ransomware, the spyware stores itself in a smartphone’s internal memory, which makes detecting it complex and challenging. The organization claims to have sold Pegasus to the governments of many countries, such as Hungary, Rwanda and India, and reports have found that those governments used the spyware tool to surveil many individuals across the world. It can infect your device and make it vulnerable to:
- Data theft
- Location tracking
- Access to messages, texts, contacts and emails
- Involuntary access to microphone and cameras
How does Pegasus infect your Phone?
The Pegasus spyware can be used to infect iPhones and Android devices through messaging apps such as iMessage and WhatsApp. These apps serve as the route between the user and the spyware: people are led to click on a link that exploits a vulnerability. The spyware uses bugs and errors present on the device to infect it and pass data onward.
In fact, the NSO Group that developed Pegasus has also shown that the spyware can be installed on devices with zero interaction from the user. Such infections relied on actions like receiving a call from someone, which was enough to affect a device and its operating system without alarming or notifying anyone.
Who is being targeted by the Pegasus Spyware?
The leaked list from Amnesty International contained around 50,000 phone numbers, mainly belonging to influential individuals such as politicians, activists, news reporters and journalists from outlets such as The New York Times and The Guardian.
While you might not fall into the specific category of people targeted by the governments, know that your phone still has the vulnerability, and you can still be targeted and infected without any protection against it. We are not the only ones worried about the spyware problem: many others, such as Dana Priest and Craig Timberg, journalists from The Washington Post, have concerns about the issue and whether the spyware has been “engineered to evade defences on devices” by the top smartphone brands such as Apple, Google and Samsung.
How to detect spyware on your iPhone?
While the chances of a regular person being infected with the Pegasus spyware are slim, it still poses a risk for future targeting. This can lead to serious concerns regarding your privacy and safety, and hence, we have compiled a list of all the ways you can detect Pegasus spyware on your iPhone.
1. Using Amnesty International’s tool
Amnesty International, the same organization that released the paper that brought the Pegasus spyware into the limelight, has developed a tool to help you check your iPhone for an infection. The tool works very well and finds out if your device is vulnerable, but it has some serious caveats that make it neither user-friendly nor easy to use. In fact, if you do want to use it, you need sufficient knowledge of Xcode and the command line or Terminal. We’ll take a quick look at the entire process, but you can follow the in-depth guide on GitHub by using the link above.
Step by step instructions:
Firstly, make a backup of your iPhone or Android device and look for the backup on your desktop. You can do this by using iTunes or Finder on your Mac.
Next, you need to download Xcode from the App Store and Python3 using Homebrew and the Terminal.
Next, you need to download the Amnesty mvt (Mobile Verification Toolkit) program, which can be done by going into the Terminal and typing in the following command:
pip3 install mvt
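Next, you need to decrypt your backup using the mvt tool. This is done with the decrypt-backup subcommand, which asks for the backup password; the two paths below are placeholders for your own backup folder and an empty output folder. (check-iocs is a separate subcommand that re-checks already extracted results against an indicator file.)
mvt-ios decrypt-backup -d /path/to/decrypted /path/to/backup
After that, you need the “STIX file” of Pegasus indicators from Amnesty. Once it is saved in your Downloads folder, you point mvt at it with the following option:
-i ~/Downloads/pegasus.stix2
Finally, you need to check the decrypted backup against those indicators by using the following command (the output path is again a placeholder):
mvt-ios check-backup -i ~/Downloads/pegasus.stix2 -o /path/to/output /path/to/decrypted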
Note: If this check reports vulnerabilities and issues, then your iPhone has been infected with Pegasus; if it doesn’t, you’re fine and should keep your device safe. The Washington Post article that we discussed above also reports that, according to the NSO Group, its software cannot be used on iPhones with US numbers, and that the investigation didn’t find any evidence that Pegasus had successfully breached US iPhones. However, if you end up using the tool above, we would like to further emphasize following the guide on the GitHub page, as the tool can be updated, leaving you scratching your head over whether you’re doing something wrong.
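The check in the last step compares data from the backup against the indicators in the STIX file. Here is a simplified illustration of that kind of matching for domain indicators, as an added example (not code from mvt or Amnesty; the bundle, the domains and the history rows are constructed, and the function names are hypothetical):

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2 bundle; the domains are placeholders, not real indicators.
SAMPLE_STIX = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='bad-cdn.example']"},
    {"type": "indicator", "pattern": "[domain-name:value='tracker.example.net']"},
    {"type": "indicator", "pattern": "[process:name='exampled']"},
]})

# Constructed browsing-history rows as (timestamp, url) pairs.
SAMPLE_HISTORY = [
    ("2021-07-01T10:00:00", "https://news.example.org/story"),
    ("2021-07-02T23:14:09", "https://x7.bad-cdn.example/a/b?id=1"),
    ("2021-07-03T08:30:00", "https://notbad-cdn.example/"),
    ("2021-07-04T12:00:00", "http://TRACKER.example.net:8080/p"),
]

DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_iocs(stix_text):
    """Return the set of domains named by domain-name indicators in a bundle."""
    domains = set()
    for obj in json.loads(stix_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        match = DOMAIN_PATTERN.fullmatch(obj.get("pattern", "").strip())
        if match:
            domains.add(match.group(1).lower())
    return domains

def find_hits(history, domains):
    """Flag rows whose host equals an indicator domain or is a subdomain of it."""
    hits = []
    for timestamp, url in history:
        host = (urlsplit(url).hostname or "").lower()
        for domain in sorted(domains):
            # Compare on label boundaries so "notbad-cdn.example" does not match.
            if host == domain or host.endswith("." + domain):
                hits.append((timestamp, host, domain))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_HISTORY, load_domain_iocs(SAMPLE_STIX)):
        print("MATCH", *hit)
```

A hit only means a record matches a known indicator; an empty result means nothing in the indicator file was seen, not that the device is clean.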
Pros and cons of using the official Amnesty mvt tool
Pros
- Constantly updated
- Has the most extensive check for iOS devices
Cons
- Requires a fair bit of knowledge with using Terminal commands
- Not recommended to the average user
2. Using iMazing Detect Spyware Tool
Now that we’re done with the complex and challenging Amnesty mvt tool for checking your iPhone for Pegasus, let us look at something simpler. iMazing, the popular iPhone manager, has updated its app with spyware detection features that come with the iMazing 2.14 update, which can be downloaded from the link above. It comes with a trial period with limited functionality, but the spyware detection is free to use.
In fact, iMazing’s spyware detection is based on Amnesty’s Mobile Verification Toolkit. Hence, it is perfect for regular users who don’t want to learn command line and terminal commands for a simple check of their iPhones. So, what are we waiting for? Let’s dive straight into the process.
Step by step instructions:
The first step of the entire process is downloading the iMazing tool from the official site, installing it on your Mac, and then connecting your iPhone and waiting for it to be recognized.
Next, you need to select the “Detect Spyware” button from the right tab and check to see if the options for the STIX files and the CSV output format are selected. You need to set it according to the screenshot above and click on the blue “Next” button.
Finally, you need to accept both the checkboxes as shown in the screenshot above and click on the “Start Analysis” button, which will tell you whether your device is infected or not.
Pros and cons of using iMazing
Pros
- Easy to use
- User Friendly
- Free, fast and reliable spyware detection
Cons
- You need to buy the pro version if you need to access all the features that iMazing has to offer
- It might be slower with updates as compared to the official mvt tool
- It doesn’t work with Android devices
How to prevent a future spyware infection?
Now that you know whether your iPhone is infected or not, let us discuss a few points to keep your device secure and prevent any future spyware infections. Here are some points that you should always keep in mind:
- Never click on unverified weblinks
- Always use official sources to download anything
- Don’t accept messages or calls from unknown numbers
- Always keep a safe and secure encrypted backup on some other device
- Don’t transfer files without scanning them first
- Use a webcam cover or a piece of black electrical tape to cover your laptop or desktop webcam
- Keep your device up to date with all security patches
Note: This doesn’t guarantee that you won’t ever be infected with any spyware, but it will ensure that your chances of getting infected will be significantly reduced.
Some Pegasus FAQs
Can Pegasus spyware work with +1 numbers?
NSO has claimed that the Pegasus Spyware is incapable of targeting the numbers starting with +1, and hence, most Americans should be safe and unaffected by the spyware. However, you should be on guard if you have ever used an international SIM card and check to see if your iPhone is safe.
What does Pegasus spyware do?
Pegasus is known to be able to do a number of things. Most commonly, it can read text messages, gather contact data, track calls, collect passwords, track your location, involuntarily access the microphone and camera, and steal data and information from apps and storage.
What is spyware and malware?
Spyware is a type of malware that is designed to access your personal information, data and contacts and, as the name implies, track and spy on you. Malware, more broadly, is a malicious piece of software designed to gain access to or damage your computer, often without your knowledge.
Final words
Pegasus is a massive threat to security and privacy, and it shows that no device is secure from hacks and other malware. In this new technological age, data and information are the most essential commodities, and hence, you should try to be as safe as possible.
Hence, make sure to read the prevention section of the article to get some knowledge on how to keep your devices safe from spyware, and be sure not to visit any unverified links. With that said, we end our guide and hope that we have helped you check your iPhone for security threats and Pegasus spyware infection.