Governments around the world are spying on their critics: journalists, human rights activists, opponents. The international “Pegasus Project” series of revelations made headlines around the world two and a half weeks ago. At the center of the research, in which the Süddeutsche Zeitung was also involved, was the spyware Pegasus from the Israeli company NSO. The program is able to infect smartphones remotely. A secret service or police department with a Pegasus license usually needs only a target person’s phone number to attack their smartphone. Pegasus then turns the cell phone into a digital bug and takes full control of the device. Police and secret service agents can view, steal and evaluate all data and communications, even encrypted chats. Even remote control of the camera and microphone is possible.
The fact that smartphones listen to their owners, for example for advertising purposes, is a widespread fear that security researchers have often refuted as unfounded. Pegasus, however, allows exactly that and therefore caused some uncertainty.
Surveillance hunters must dig through the most private information
The “iMazing” software now lets at least iPhone users examine their device for traces of a Pegasus infection. “iMazing” is a paid program for managing Apple devices such as iPhones and iPads and is mainly used to create a backup of personal data and, for example, to export chat histories from messengers such as WhatsApp. The spyware detection feature is free, according to the company. The product from Swiss company Digi DNA runs on Apple’s macOS operating system and on Windows devices.
Activists demonstrate after the publication of the Pegasus Project in front of the commercial building of Pegasus manufacturer NSO Group in Herzliya, not far from Tel Aviv.
(Photo: Nir Elias / Reuters)
If users wish to take advantage of the Pegasus test, they must create a backup of their iPhone for the program or allow “iMazing” access to an existing data backup. The software then searches for traces of Pegasus in this data. They can be found in chat messages, browser search history, or operating system log files. Thus, the software browses the most private information. The developers emphasize that no data is transferred and that the analysis takes place exclusively on the user’s computer. As with any software, however, the following applies: users should only run programs whose developers they trust, and the more sensitive the data processed, the greater that trust should be.
Amnesty International computer researchers published free analysis tools
For years, security researchers have examined every line of the Pegasus code they find on activists’ or journalists’ smartphones. They also map the infrastructure of the manufacturing company NSO, i.e. the servers and their IP addresses through which the spyware is downloaded. This has resulted in a worldwide exchange of known attack methods, which allows programs such as “iMazing” to search for clues automatically.
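The kind of automatic search described above, as an added example that is not code from iMazing or Amnesty International: text extracted from a backup is checked for links whose hostname equals, or is a subdomain of, a known indicator domain. The indicator domains, record sources and sample records are constructed placeholders, not real Pegasus indicators.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators (reserved test names), not real NSO infrastructure.
INDICATOR_DOMAINS = {"cdn-update.example", "tracker.invalid"}

# Constructed records standing in for text pulled from a device backup.
SAMPLE_RECORDS = [
    ("browser_history", "https://news.example.org/article?id=7"),
    ("browser_history", "https://a1b2.cdn-update.example:30495/x9f"),
    ("chat_message", "Look at this: http://CDN-UPDATE.example/invite now"),
    ("browser_history", "https://notcdn-update.example/home"),
    ("os_log", "process started, no network reference"),
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def hostnames(text):
    """Yield the lower-cased hostname of every http(s) URL found in text."""
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        if host:
            yield host.rstrip(".").lower()

def matching_indicator(host, indicators):
    """Return the indicator that host equals or is a subdomain of, else None.

    Comparison is done on whole DNS labels, so 'notcdn-update.example'
    does not match the indicator 'cdn-update.example'.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None

def scan(records, indicators=INDICATOR_DOMAINS):
    """Return (source, hostname, indicator) for every record that matches."""
    hits = []
    for source, text in records:
        for host in hostnames(text):
            indicator = matching_indicator(host, indicators)
            if indicator:
                hits.append((source, host, indicator))
    return hits

if __name__ == "__main__":
    for source, host, indicator in scan(SAMPLE_RECORDS):
        print(f"{source}: {host} matches indicator {indicator}")
```

A match is only a lead for further forensic review, and an empty result means only that none of the indicators known at the time were found.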
Key parts of the “iMazing” program code were developed by forensics experts at Amnesty International’s “Security Lab” and released on the Internet as open source software for free use as part of the Pegasus Project. Amnesty International’s “Mobile Verification Toolkit” is less user-friendly for anyone who has not mastered the basics of programming. However, it also allows Android users to check their devices.
Despite the widespread use of the spyware shown by the Pegasus Project research, Pegasus is not a mass-market product. Governments pay millions of dollars for a few hundred attacks. And every attack must be planned, controlled and evaluated. Anyone who nevertheless believes they are of great interest to an authority with a Pegasus license can use “iMazing” to get some degree of clarity quickly and easily. But it’s also clear that companies like NSO generally have a leg up on IT security researchers.