Use This Tool to Check If Your Phone’s Been Hacked by the NSO Group’s Spyware

Use This Tool to Check If Your Phone’s Been Hacked by the NSO Group’s Spyware
Photo: JACK GUEZ / AFP, Getty Images

If you’ve been watching the news this week you may have heard something about the NSO Group, an Israeli spyware firm that’s been accused of helping bad actors hack journalists, politicians, and human rights activists throughout the world.

You’d be forgiven for not knowing a ton about NSO — especially since the company has largely operated in the shadows throughout the majority of its existence. However, outrage over the firm’s apparent abuses has been building for quite some time. The most recent controversy comes after an international consortium of news and research outlets announced “The Pegasus Project,” a broad effort to publicise the extent to which NSO’s commercial malware, Pegasus, has been sold to shady governments so that they can spy on their citizens.

According to reports, Pegasus is a frighteningly powerful tool that has the ability to compromise Android and iOS devices with ease. It can do this with a single-click exploit (wherein a user is tricked into engaging a malicious link, thus downloading the spyware onto their phone), or, actually, without a click. That is, Pegasus apparently has the ability to take advantage of vulnerabilities inherent in a victim’s device, and can compromise phones without malware operators’ even needing to successfully phish them. Research published as part of “The Pegasus Project” shows that the malware was recently discovered on a fully patched iPhone 12 — the newest model running the most current update (iOS 14.6).

If you’re worried about how terrifying that is, there’s actually a tool you can use to check whether your phone has somehow been compromised by the company’s malware, TechCrunch has helpfully pointed out. The Mobile Verification Toolkit was created to assist with the “consensual forensic analysis of Android and iOS devices, for the purpose of identifying traces of compromise,” its website states. So, basically, it’s built to tell you whether you’ve been hacked or not.

Using the MVT takes a little know-how but, in essence, the program allows you to scan all of the files on a backup of your device. You’ll need to make a fresh copy of that data, also known as a “full system dump.” The MVT must also be outfitted with Amnesty International’s IOCs (indicators of compromise) related to NSO’s malware delivery system. The program then sifts through your data, scanning for those indicators, to assess whether your device may have been compromised or not. After the analysis, the program will subsequently spit out a number of files, which will mention if the MVT found any signs of infiltration. TechCrunch reports that the whole process takes about 10 minutes to get up and running if you know what you’re doing.

While the odds are quite low that the average phone user has been targeted by NSO’s malware, you never know. After all, the recent investigation was kicked off by an anonymous leak of some 50,000 phone numbers — all of which are considered potential targets of NSO-related spying (the company has denied that this list accurately represents “a list of Pegasus targets or potential targets” and claims that it is “not related to NSO group in any way”). The company is now under investigation in multiple countries, after having been accused of facilitating surveillance of not only journalists and activists but world leaders, as well. Let’s be honest: if Emmanuel Macron can get hacked, that makes pretty much everybody a potential target.