Amnesty International has taken a progressive step for mobile phone safety by developing and releasing a toolkit to aid owners in discovering if their handsets are being secretly monitored by Pegasus, military-grade spyware targeting human rights activists, lawyers and journalists around the globe.
Phones infected with the Pegasus spyware often retain traces of the infection, which the new software can detect by scanning the device. A leaked list containing 50,000 phone numbers was obtained by the non-profit journalism outfit Forbidden Stories and Amnesty before being shared with the media.
The Pegasus spyware was developed by NSO Group, an Israeli firm, as a product that can target both Apple iOS and Android devices, allowing it to record calls, copy and send messages and even film people through phone cameras.
Several governments have reportedly used the technology, including those of India, Hungary, Morocco and Rwanda, all of which have denied using it. NSO Group also says the claims in the report are false.
Advancement in Threat
Earlier versions of the software relied on targets clicking malicious links to gain unauthorised access to the victim’s private data, such as passwords, calls, texts and emails. Experts studying the current version of the software have found that the spyware has advanced to the point where targeted individuals don’t need to click any link for the spyware to be secretly installed.
Amnesty’s toolkit for researchers, the Mobile Verification Toolkit (MVT), works on both iOS and Android devices and helps users identify whether they have been targeted and are at risk. Using a device backup, it searches for indicators of compromise linked to the delivery of Pegasus, such as domain names used in NSO Group’s infrastructure.
MVT can decrypt an encrypted iPhone backup without having to make another copy. The toolkit runs from the command line, so it requires basic knowledge of how to navigate the terminal.
TechCrunch stated that it took merely ten minutes to make the tool operational. Once started, the toolkit scanned a backup of the phone for any evidence of hacking. The scan took a couple of minutes to finish and produced several files containing the results. If the phone has fallen victim, the files will show how and where.
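The domain check described above can be illustrated in a few lines of Python. This is an added example, not MVT's own code: the indicator domains, record layout and source names are constructed placeholders, and hostnames are matched on whole domain labels so that look-alike names do not produce a hit.

```python
from urllib.parse import urlsplit

# Constructed indicator list: placeholder domains, not real Pegasus infrastructure.
IOC_DOMAINS = {"bad-infra.example", "cdn.tracker.example"}

# Constructed records standing in for rows pulled from a device backup:
# (source artifact, timestamp, URL). The source names are hypothetical.
RECORDS = [
    ("safari_history", "2021-07-01T09:12:44Z", "https://news.example.org/story"),
    ("sms_links", "2021-07-02T21:03:10Z", "https://a1.bad-infra.example:8443/x?id=7"),
    ("safari_history", "2021-07-03T08:00:01Z", "https://notbad-infra.example/"),
    ("safari_history", "2021-07-03T08:05:00Z", "HTTP://CDN.Tracker.Example./p"),
    ("sms_links", "2021-07-04T10:00:00Z", "not a url"),
]

def hostname_of(url):
    """Return the lower-cased hostname without a trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed netloc, e.g. a broken IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None

def matching_indicator(host, indicators):
    """Return the indicator equal to host or to one of its parent domains."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # compare on label boundaries only
        if candidate in indicators:
            return candidate
    return None

def scan(records, indicators=IOC_DOMAINS):
    """Return one dict per record whose URL host matches an indicator."""
    hits = []
    for source, timestamp, url in records:
        host = hostname_of(url)
        if host is None:
            continue  # unparseable entries are skipped, not treated as clean
        indicator = matching_indicator(host, indicators)
        if indicator:
            hits.append({"source": source, "timestamp": timestamp,
                         "url": url, "indicator": indicator})
    return hits

if __name__ == "__main__":
    for hit in scan(RECORDS):
        print(hit)
```

Each hit keeps the source artifact and timestamp, which is what lets a results file say how and where a match occurred.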
Amnesty has countered NSO Group’s claim that the reports were false by publishing forensic analysis from its security lab that was consistent with past analysis of journalists targeted through NSO spyware, including dozens allegedly hacked in the UAE and Saudi Arabia in December of last year, identified through Citizen Lab.