SecureMac, Inc.

Checklist Short: Finding Pegasus Tracks

August 5, 2021

A short Checklist this week, but an important one: A free tool to help detect Pegasus spyware on an iPhone!

This week’s Checklist is going to be a short episode — but we wanted to share an important update to a story we’ve been covering on the podcast.

Pegasus spyware: the background

If you’re a regular listener, you already know that Pegasus spyware has been discovered on iOS devices around the world. Pegasus is a commercial spyware tool made by Israeli firm NSO Group. It is sold to governments and law enforcement agencies around the world.

NSO Group says that it’s just helping governments fight the bad guys. Critics argue that this simply isn’t true. They say that NSO Group’s spyware is routinely used by authoritarian regimes to monitor journalists, activists, and political opposition figures.

Because Pegasus is used in targeted attacks, the risk of an infection for everyday iPhone users is probably fairly low. But “fairly low” isn’t the same as non-existent — especially since one of the ways that the spyware gets onto an iPhone is by exploiting iOS vulnerabilities.

How to detect Pegasus on an iPhone

If you’re concerned about a Pegasus infection, the folks at iMazing have a free tool that can help you.

iMazing makes a file transfer and backup app for iPhones, iPads, and iPods. iMazing’s developers looked at the code for Amnesty International’s Mobile Verification Toolkit (MVT), a generic methodology meant to help users detect Pegasus infections. They quickly realized that they’d be able to incorporate the toolkit into their own software. The benefit would be to simplify the detection process for users who aren’t tech-savvy enough to use Amnesty’s MVT.

iMazing notes that their detection tool has some limitations. It’s iOS only, for one thing — it won’t work with Android or with other Apple platforms. In addition, they offer a few words of caution for less-technical users:

iMazing’s spyware analyzer is limited to the detection of a subset of known threats. It does not prevent infection. Its results may be hard to interpret and do not replace expert advice. Its ease of use and low barrier of entry is not without risks, in that some among its users could develop a false sense of security.

With those caveats in mind, here’s how to use iMazing to check an iPhone for Pegasus. To get started, download the iMazing app onto your Mac or PC (again, the download is free and anonymous). The folks at Cult of Mac have a useful walkthrough of the full scanning process, but in summary, here’s what you do next:

  • Connect your iPhone to your computer and choose your iPhone from the iMazing sidebar.
  • Go to the list of tools and click on Detect Spyware.
  • Check Download STIX files, pick a location to save your analysis file, and click Next.
  • Check the boxes indicating that you agree to the terms and disclaimer.
  • Last step: click on Start Analysis to see what iMazing finds!

We’ll be back soon with a full episode of The Checklist. In the meantime, check out our archives for past shows and show notes. And if you like, take a second to write us an email with a question or topic for a future show!
