This week, we got to find out via the Daily Monitor that the Rwandan government was spying on top officials in the Ugandan government, using the Israel-made Pegasus spyware. This has been happening in several countries. Amnesty International — part of the group that helped break the news of this spying— has released a tool to check if your phone has been affected. Alongside the tool is a great set of instructions, which should help the affected user through the somewhat technical checking process.
ALSO READ: Would you use a smartphone without a case?
Using the “anti-Pegasus spyware” tool involves backing up your phone to a separate computer and running a check on that backup. If you’ve been side-eyeing your phone since the news broke and are looking for guidance on using Amnesty’s tool please follow these instructions.
- The first thing to note is the tool is a command-line or terminal-based, so it will take either some amount of technical skill or a bit of patience to run. We try to cover a lot of what you need to know to get up and running here, but it’s something to know before jumping in.
- The second note is that the analysis Amnesty is running seems to work best for iOS devices. In its documentation, Amnesty says the analysis its tool can run on Android phone backups is limited, but the tool can still check for potentially malicious SMS messages and APKs. Again, we recommend following its instructions.
- To check your iPhone, the easiest way to start is by making an encrypted backup either using iTunes or Finder on a Mac or PC. You’ll then need to locate that backup, which Apple provides instructions for. Linux users can follow Amnesty’s instructions on how to use the libimobiledevice command line tool to create a backup.
- After getting a backup of your phone, you’ll then need to download and install Amnesty’s mvt program, which Amnesty also provides instructions for.
- If you’re using a Mac to run the check, you’ll first need to install both Xcode, which can be downloaded from the App Store and Python3 before you can install and run mvt. The easiest way to obtain Python3 is using a program called Homebrew, which can be installed and run from the Terminal. After installing these, you’ll be ready to run through Amnesty’s iOS instructions.
- If you run into issues while trying to decrypt your backup, you’re not alone. The tool was giving me errors when I tried to point it to my backup, which was in the default folder. To solve this, I copied the backup folder from that default location into a folder on my desktop and pointed mvt to it. My command ended up looking like this:
(For illustration purposes only. Please use commands from Amnesty’s instructions, as it’s possible the program has been updated.)
mvt-ios decrypt-backup -p PASSWORD -d decrypt ~/Desktop/bkp/orig
When running the actual scan, you’ll want to point to an Indicators of Compromise file, which Amnesty provides in the form of a file called pegasus.stix2. Those who are brand-new to using the terminal may get tripped up on how to actually point to a file, but it’s relatively simple as long as you know where the file is. For beginners, I’d recommend downloading the stix2 file to your Mac’s Downloads folder. Then, when you get to the step where you’re actually running the check-backup command, add
-i ~/Downloads/pegasus.stix2
into the option section. For reference, my command ended up looking like this. (Again, this is for illustration purposes only. Trying to copy these commands and run them will result in an error):
mvt-ios check-backup -o logs –iocs ~/Downloads/pegasus.stix2 ~/Desktop/bkp/decrypt
(For reference, the ~/ is more or less acting as a shortcut to your user folder, so you don’t have to add in something like /Users/mitchell.)
Again, we’d recommend following along with Amnesty’s instructions and using its commands, as it’s always possible that the tool will have been updated. Security researcher @RayRedacted on Twitter also has a great thread going through some of the issues you may run into while running the tool and how to deal with them.
As a final note, Amnesty only provides instructions for installing the tool on macOS and Linux systems. For those looking to run it on Windows, the tool can be used by installing and using Windows Subsystem for Linux (WSL) and following Amnesty’s Linux instructions. Using WSL will require downloading and installing a Linux distro, like Ubuntu, which will take some time. It can, however, be done while you wait for your phone to backup.
