In case you have been living under a rock somewhere in a remote jungle and missed it, your phone is not impenetrable. It doesn’t matter if it’s running the latest patched version of Android OS or if it’s an iPhone running the latest version of iOS that Tim Cook told you was solid. All one needs is the latest copy of Pegasus Software, the requisite licence for it and a few clicks.
Pegasus is surveillance software made by the Israeli group known as NSO and we have covered them here before. According to the founders of the company, they started by making a mobile version of something like Teamviewer. The software allowed them to remotely control a phone remotely if a user clicked/tapped on a link sent to the device. They then pivoted into making surveillance software for governments where unwitting subjects would be spied upon if they tapped/clicked on a special link.
Governments, including the not so nice ones, queued up to pay for this software and lined the company’s pockets. This allowed the NSO group to make better and better software. Now they have so many tools to break into your phone they don’t even need to send you a message or trick you into clicking on links. They have so many zero-day exploits in their pocket they can break into your phone, turn it into a microphone and video camera to spy on you, download all your files and do other mischief without you ever knowing.
This wouldn’t be a problem if they were a little selective about who their customers were. Turns out they really don’t care and a good part of their customers also happen to be the most repressive regimes. While the software is meant to be used for crime-fighting and to be used against terrorists each country has its own definition of what a terrorist is. Dictators tend to label human rights activists and journalists terrorists so a lot of people have been spied on using the software.
Recently a list showed 50 000 individuals had been potential targets. The list includes real “terrorists” as well as people like Cyril Ramaphosa. I also wouldn’t be surprised if our esteemed government is part of the Pegasus clientele. So what if they are and they targeted you. Or maybe someone is a client and they targeted you. Can you tell?
How to tell if you were spied on
The list of numbers is old and probably incomplete. More people are certain to have been targeted. So how can you tell if you were a target? The truth is you can never know for sure. NSO’s Pegasus is that good. However, based on research and other leaks attributed Amnesty has developed a forensic tool you can use to verify that your phone has not been compromised.
The tool, known as Mobile Verification Toolkit (MVT) works better on iOS compared to Android according to Amnesty International. It’s available for Windows, MacOS and even Linux. Who knew Amnesty International had coders let alone security experts working for it?
Any way to install and use the tool all you need to do is to follow the Readthedocs page for your particular platform and mobile Operating system. If you are on Windows you will have to use the Windows Subsystem for Linux though. For Macs, you can just use the Homebrew tool because despite its looks and price tag Mac OS is a Linux cousin-they are all part of the *nix family.
The instructions involve a lot of commands. Hopefully, someone will create shell scripts to make it all easier to execute. Terminals are not hard you just need to pay attention to the provided instructions.