UK Markets open in 7 hrs 7 mins

Pegasus: Amnesty releases new tool to check whether invasive spyware is secretly installed on a phone

·3-min read
NSO Group’s Pegasus spyware, licensed to governments around the globe, can infect phones without a click (AFP via Getty Images)
NSO Group’s Pegasus spyware, licensed to governments around the globe, can infect phones without a click (AFP via Getty Images)

Amnesty International has released a toolkit to help people find out if their phone was secretly monitored by Pegasus, the military-grade spyware that targeted human rights activists, journalists, and lawyers around the world.

The software scans devices for the small clues that are left behind if a phone is infected by the Pegasus spyware.

A leaked list of 50,000 phone numbers was obtained by journalism non-profit Forbidden Stories and Amnesty before being shared with the media.

The spyware, built by Israeli firm NSO Group, can be used to record calls, copy and send messages or even film people via phone cameras. The spyware can and has been used to target both Apple iOS and Android devices.

NSO Group denied “false claims” made in the report, as did the governments of Hungary, Morocco, India, and Rwanda that have allegedly used the technology.

Early versions of the software required targets to click malicious links, giving unauthorised persons access to the victim’s private data, including passwords, calls, texts and emails, but experts believe the software has advanced so that targets do not have to click any link to have the spyware installed.

To view this content, you'll need to update your privacy settings.
Please click here to do so.

Amnesty’s researcher toolkit, the Mobile Verification Toolkit (MVT), works on both iOS and Android devices to help users find out if they have been targeted. It uses a device backup and searches it for any indicators of compromise that would be used to deliver Pegasus, such as domain names used in NSO Group infrastructure.

If an iPhone backup is encrypted, the MVT can be used to decrypt it without having to make another copy.

The toolkit works using the command line, requiring basic knowledge on how to navigate the terminal. TechCrunch said it took approximately 10 minutes to have the tool operational.

When it is started, the toolkit scans a backup of the phone for any evidence that it has been hacked. It takes a minute or two to do so, and creates a number of files that show the results of the scan – if the phone is potentially compromised, those files will say so.

While NSO Group has denied the report, Amnesty International Security Lab said its forensic analyses found results that were “consistent with past analyses of journalists targeted through NSO’s spyware, including the dozens of journalists allegedly hacked in the UAE and Saudi Arabia and identified by Citizen Lab in December of last year”.

Claudio Guarnieri, director of Amnesty International’s Security Lab, said: “There are a bunch of different pieces, essentially, and they all fit together very well. There’s no doubt in my mind that what we’re looking at is Pegasus because the characteristics are very distinct and all of the traces that we see confirm each other.”

Read More

Jeff Bezos space launch - live: Latest updates as Amazon founder and Blue Origin crew prepare for first trip

Jeff Bezos space flight crew: Who will be on Blue Origin rocket and how much is the launch costing?

Wally Funk: Jeff Bezos to send pioneering female pilot and oldest ever person to space

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting