Amnesty International, part of the group that helped break the news of journalists and heads of state being targeted by NSO’s state-level spyware, Pegasus, has released a tool to check whether your phone has been affected. Alongside the tool is a large set of instructions, which should help you through the technical checking process. To use the tool, you need to back up your phone to a separate computer and run a check on that backup. Read on if you’ve been looking sideways at your phone since the news came out and want guidance on using Amnesty’s tool.
The first thing to note is that the tool is command line or terminal based, so running it requires either some technical skill or a little patience. We try to cover a lot of what you need to know to get up and running here, but it’s something you should know before you jump in.
Another note is that Amnesty’s analysis seems to work best for iOS devices. Amnesty says in its documentation that the analysis the tool can perform on Android phone backups is limited, but the tool can still check for potentially harmful text messages and APKs. Again, we recommend following its instructions.
To check your iPhone, the easiest way to get started is by making an encrypted backup using either iTunes or Finder on a Mac or PC. You’ll then need to locate that backup, which Apple provides instructions for. Linux users can follow Amnesty’s instructions on how to use the libimobiledevice command line tool to create a backup.
Once you have a backup of your phone, you need to download and install Amnesty’s mvt software, which Amnesty also provides instructions for.
If you’re using a Mac to run the scan, you’ll need to install both Xcode, which can be downloaded from the App Store, and Python3 before you can install and run mvt. The easiest way to get Python3 is through a program called Homebrew, which can be installed and run from the terminal. Once you have installed these, you are ready to run through Amnesty’s iOS instructions.
If you’re having trouble trying to decrypt your backup, you’re not alone. The tool gave me errors when I tried to point it to the backup that was in the default folder. To resolve this, I copied the backup folder from this default location to the desktop folder and pointed mvt to it. My command looked like this:
(For illustrative purposes only. Use the commands in Amnesty’s instructions, as it is possible that the program has been updated.)
mvt-ios decrypt-backup -p PASSWORD -d decrypt ~/Desktop/bkp/orig
When you run the actual scan, you need to point it to an Indicators of Compromise file, which Amnesty offers in the form of a file called pegasus.stix2. Those who are completely new to using a terminal may get tripped up on how to actually point to a file, but it’s relatively simple as long as you know the location of the file. For starters, I recommend downloading the stix2 file to your Mac’s Downloads folder. Then, when you get to the step where you run the check-backup command, add
-i ~/Downloads/pegasus.stix2
to the options section. My command ended up looking like this. (Again, this is for illustration purposes only. Trying to copy these commands and run them will result in an error):
mvt-ios check-backup -o lokit --iocs ~/Downloads/pegasus.stix2 ~/Desktop/bkp/decrypt
(As a reference, ~/ acts more or less as a shortcut to a user’s folder, so you don’t need to add something like /Users/Mitchell.)
Once again, I recommend following Amnesty’s instructions and using its commands, as it is always possible that the tool has been updated. Security researcher @RayRedacted on Twitter also has a great thread going through some of the things you might come across when using the tool and how to deal with them.
As a final note, Amnesty only provides instructions for installing the tool on macOS and Linux systems. For those who want to use it on Windows, Limit has confirmed that the tool can be used by installing the Windows Subsystem for Linux (WSL) and following Amnesty’s Linux instructions. Using WSL requires downloading and installing a Linux distro, such as Ubuntu, which takes some time. However, this can be done while waiting for your phone to be backed up.
Once you’ve run mvt, you’ll see a list of warnings that list either suspicious files or suspicious behavior. It is worth noting that a warning does not necessarily mean that you are infected. For me, some redirects that were completely above board appeared in the section where it checked my Safari history (sheets.google.com redirecting to docs.google.com, reut.rs redirecting to reuters.com, etc.). I also got a few errors, but only because the program checked for apps I didn’t have installed on my phone.
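To show why a redirect warning is weaker evidence than a match against an indicator file such as pegasus.stix2, here is an added sketch; it is not code from mvt or Amnesty, and it is a simplification rather than mvt’s actual logic. The STIX2 bundle, the indicator domain bad-infra.example, the history rows and all function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX2 bundle; the domain is a placeholder, not a real indicator.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value='bad-infra.example']"},
]})

# Constructed Safari-history rows: (visited URL, redirect target or None).
SAMPLE_HISTORY = [
    ("https://sheets.google.com/", "https://docs.google.com/spreadsheets/"),
    ("https://reut.rs/abc", "https://www.reuters.com/article"),
    ("https://cdn.bad-infra.example/x", None),
    ("https://www.reuters.com/world", "https://www.reuters.com/world/"),
]
DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_iocs(bundle_text):
    """Return domains named by simple domain-name indicator patterns."""
    found = set()
    for obj in json.loads(bundle_text).get("objects", []):
        m = DOMAIN_PATTERN.fullmatch(obj.get("pattern", "").strip())
        if obj.get("type") == "indicator" and m:
            found.add(m.group(1).lower())
    return found

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def matches_ioc(host, iocs):
    """True if host equals an indicator domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in iocs)

def triage(history, iocs):
    """Split rows into IOC detections and redirect-only warnings."""
    detections, warnings = [], []
    for url, redirect in history:
        hosts = [host_of(url)] + ([host_of(redirect)] if redirect else [])
        if any(matches_ioc(h, iocs) for h in hosts):
            detections.append(url)   # matches a published indicator
        elif redirect and host_of(url) != host_of(redirect):
            warnings.append(url)     # cross-host redirect only: review by hand
    return detections, warnings
```

Running triage(SAMPLE_HISTORY, load_domain_iocs(SAMPLE_BUNDLE)) puts the sheets.google.com and reut.rs rows in the warnings list and only the constructed indicator domain in detections.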
The story around Pegasus has probably left many of us a little more skeptical about our phones, regardless of whether we are likely to be targeted by a nation-state. While using the tool can (hopefully) help alleviate some of the fears, it’s probably not a necessary precaution for many Americans. The NSO Group has said its software cannot be used on American phones, according to The Washington Post, and the investigation found no evidence that Pegasus had breached U.S. phones.
While it’s great to see that Amnesty made this tool available with solid documentation, it only really helps address the privacy issues surrounding Pegasus. As we’ve seen recently, accessing private information doesn’t require a government to target your phone’s microphone and camera. The data broker industry could be selling your location history even if your phone is free of Pegasus.