Pegasus spyware is once again at the center of a major controversy after a two year hiatus. Global reports have shown that NSO Group’s software was used to spy on about 50,000 people including political leaders, businessmen, journalists, and activists from across the world. The malware exploits zero day vulnerability in the device’s operating system to spy on individuals.
Researchers at Amnesty International have developed a toolkit that can help users identify whether their phone was infected by the spyware.
Mobile Verification Toolkit works on both iOS and Android OS. It simplifies the process of acquiring and analyzing data from Android devices, and analyses records from iOS backups and filesystem dumps to identify potential traces of compromise.
Researchers noted that there are more forensic traces accessible to investigators on Apple iOS devices than on Android devices. As a result, most recent cases of confirmed Pegasus infections have involved iPhones.
Amnesty has made the open-source toolkit available on GitHub. Since the toolkit works on the command line, it requires some knowledge on how to navigate the terminal and may not be user friendly.
To install the toolkit, users need to install a python package available in documentation on the MVT (Mobile Verification Toolkit) website. It also includes instructions for both iOS and Android on how to go about with the process. Before running MVT, users have to take a backup of their iOS device.
Amnesty pointed that the purpose of MVT is to facilitate the ‘consensual forensic analysis’ of devices of those who might be targets of sophisticated mobile spyware attacks.
“We do not want MVT to enable privacy violations of non-consenting individuals,” Amnesty said. “Therefore, the goal of this license is to prohibit the use of MVT (and any other software licensed the same) for the purpose of adversarial forensics.”