You can check you haven't been targeted by Pegasus spyware but it's a pain


What you need to know

  • With the NSO Group's Pegasus spyware in the news of late, here's how to check your iPhone isn't infected.
  • It's very unlikely that you are, and the process of checking isn't a smooth one.

With so much talk about NSO Group and its Pegasus spyware right now, it's important to remember that it's very unlikely that you have been targeted. Still want to be sure? There's a tool that can check, but it'll take some work.

We know that 50,000 phone numbers belonging to journalists, government officials, and more are on a list of potential Pegasus targets and that's all very scary stuff. Thankfully it's unlikely most people will be anywhere near Pegasus or that list, but TechCrunch has detailed how you can go about being sure. It isn't a fun endeavor and it's going to involve cracking out Terminal, but it's definitely doable.

The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices, but slightly differently. Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones. MVT will let you take an entire iPhone backup (or a full system dump if you jailbreak your phone) and feed in for any indicators of compromise (IOCs) known to be used by NSO to deliver Pegasus, such as domain names used in NSO's infrastructure that might be sent by text message or email. If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without having to make a whole new copy.

The toolkit works on the command line, so it's not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal. We got it working in about 10 minutes, plus the time to create a fresh backup of an iPhone, which you will want to do if you want to check up to the hour. To get the toolkit ready to scan your phone for signs of Pegasus, you'll need to feed in Amnesty's IOCs, which it has on its GitHub page. Any time the indicators of compromise file updates, download and use an up-to-date copy.

Once you set off the process, the toolkit scans your iPhone backup file for any evidence of compromise. The process took about a minute or two to run and spit out several files in a folder with the results of the scan. If the toolkit finds a possible compromise, it will say so in the outputted files.

You can learn more about the tool in the TechCrunch piece, and the tool itself is available via GitHub. That's where you'll find the documentation that you need to follow, too.
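To show what checking a backup against domain indicators involves, here is an added Python example; it is not MVT's code or Amnesty's indicator file. It assumes indicators arrive as STIX2 `domain-name` patterns, and the bundle, domains, messages and function names are all constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX2-style bundle; the domains are placeholders, not real indicators.
SAMPLE_STIX2 = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='bad-redirect.example']"},
    {"type": "indicator", "pattern": "[domain-name:value='cdn-update.invalid']"},
]})

# Constructed texts standing in for SMS or email bodies pulled from a backup.
SAMPLE_MESSAGES = [
    "Your parcel is waiting: https://track.bad-redirect.example/p?id=7",
    "Lunch at 1? Menu is at https://cafe.example.org/menu",
    "Update now: HTTP://CDN-UPDATE.INVALID./a",
    "Look-alike only: https://notbad-redirect.example/login",
]

DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")
URL_PATTERN = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def load_domain_iocs(stix_text):
    """Return lower-cased domains named in the bundle's indicator objects."""
    domains = set()
    for obj in json.loads(stix_text).get("objects", []):
        if obj.get("type") == "indicator":
            found = DOMAIN_PATTERN.findall(obj.get("pattern", ""))
            domains.update(d.lower().rstrip(".") for d in found)
    return domains

def match_host(host, iocs):
    """Return the IOC equal to host or a parent domain of it, else None."""
    labels = host.lower().rstrip(".").split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((c for c in candidates if c in iocs), None)

def scan_messages(messages, iocs):
    """Return (message index, url, matched IOC) for each URL that hits an IOC."""
    hits = []
    for index, text in enumerate(messages):
        for url in URL_PATTERN.findall(text):
            matched = match_host(urlsplit(url).hostname or "", iocs)
            if matched:
                hits.append((index, url, matched))
    return hits

if __name__ == "__main__":
    for hit in scan_messages(SAMPLE_MESSAGES, load_domain_iocs(SAMPLE_STIX2)):
        print(hit)
```

Matching on whole domain labels means a subdomain of an indicator is flagged while a look-alike such as `notbad-redirect.example` is not, which keeps false positives down when the indicator list is short.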

Apple has been keen to remind everyone that most people don't need to worry about Pegasus and that it's a very sophisticated tool for gaining access to very specific devices. It could also do without a potential security scare ahead of the iPhone 13 announcement that will likely take place in September, too.

Oliver Haslam
Contributor
