If you’ve been watching the news this week you may have heard something about the NSO Group, an Israeli spyware firm that currently stands accused of helping bad actors to hack journalists, politicians, and human rights activists throughout the world.
You’d be forgiven for not knowing a ton about NSO—especially since the company has largely operated in the shadows throughout the majority of its existence. However, outrage over the firm’s apparent abuses has been building for quite some time. The most recent controversy comes after an international consortium of news and research outlets announced “The Pegasus Project,” a broad effort to publicize the extent to which NSO’s commercial malware, Pegasus, has been sold to shady governments so that they can spy on their citizens.
According to reports, Pegasus is a frighteningly powerful tool that has the ability to compromise Android and iOS devices with ease. It can do this with a single-click exploit (wherein a user is tricked into engaging a malicious link, thus downloading the spyware onto their phone), or, actually, without a click. That is, Pegasus apparently has the ability to take advantage of vulnerabilities inherent in a victim’s device, and can compromise phones without malware operators’ even needing to successfully phish them. Research published as part of “The Pegasus Project” shows that the malware was recently discovered on a fully patched iPhone 12—the newest model running the most current update (iOS 14.6).
If you’re worried about how terrifying that is, TechCrunch has helpfully pointed out there’s actually a tool you can use to check whether your phone has been infected by Pegasus. The Mobile Verification Toolkit was created to assist with the “consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise,” its website states. So, basically, it’s built to tell you whether you’ve been hacked or not.
Using the MVT takes a little know-how but, in essence, the program allows you to scan all of the files on a backup of your device. You’ll need to make a fresh copy of that data, also known as a “full system dump.” The MVT must also be outfitted with IOCs (indicators of compromise) related to NSO’s malware delivery system, as provided by Amnesty International. The program then sifts through your data, scanning for those indicators. After the analysis, the program will subsequently spit out a number of files, which will mention if the MVT found any signs of infiltration. TechCrunch reports that the whole process takes about 10 minutes to get up and running if you know what you’re doing.
While the odds are quite low that the average phone user has been targeted by NSO’s malware, you never know. After all, the recent investigation was kicked off by an anonymous leak of some 50,000 phone numbers—all of which are considered potential targets of NSO-related spying (the company has denied that this list accurately represents “a list of Pegasus targets or potential targets” and claims that it is “not related to NSO group in any way”). The company is now under investigation in multiple countries, after having been accused of facilitating surveillance of not only journalists and activists but world leaders, as well. Let’s be honest: if Emmanuel Macron can get hacked, that makes pretty much everybody a potential target.