An eye on the spy in your iPhone
A Chimera may be hiding inside Apple’s walled garden. The Apple security system has been referred to as a walled garden. It is a tightly controlled “tech ecosystem” that keeps bandits out of your iPhone.
Occasionally, someone may succeed in breaking in, and then, strangely enough, Apple’s strong defences actually help the intruder. The security itself becomes a barrier that keeps investigators from spotting anomalies and understanding them.
This is what the Pegasus spyware did. By now, everyone is aware that Pegasus is military-grade spyware that has been developed by the Israeli company NSO. It works on zero-click; one doesn’t have to click a link, answer a call or respond to a message for the software to lodge itself.
It is military-grade, meaning it has been developed to snoop out terrorists and criminals. And it costs a bomb, nearly Rs 9 crore to be installed on just 10 iPhones (2016 data). It uses vulnerabilities in iMessage, WhatsApp, FaceTime to enter the phone.
Most feel Apple has fixed the hole that allowed the Pegasus spyware to infiltrate its devices. The iOS 14.7.1 provides important security updates that are recommended for all. Update your Apple devices if you have not already done so.
The Mobile Verification Toolkit (MVT) is a bunch of utilities to simplify and automate the process of gathering forensic traces helpful in identifying whether your phone, iOS or Android, has been compromised or an attempt has been made to compromise it. It is available at https://bit.ly/3ipMSDW.
MVT allows for consensual forensic analysis of devices of people who may be targets of spyware attacks such as Pegasus. It has been released under an adaptation of Mozilla Public License v2.0 and should be used with the explicit consent of persons whose data is being extracted.
It was developed and released by the Amnesty International Security Lab just last month. It is a forensic research tool meant for technologists and investigators. It is not meant for end users. If you are concerned about your iPhone being infected, consult an expert.
iVerify iOS app
For people like us, there is iVerify. iVerify, by Trail of Bits, is a security app that looks inside iPhones but follows Apple’s privacy rules. It looks for breaches like unexplained file modifications. It searches for indirect clues and reports if something isn’t looking as it should. However, it cannot observe the malware and it, too, is blocked from reading through the iPhone’s memory.
Download the app from the App Store for Rs 269. It is well designed and has a clean, simple interface. If you are not tech-savvy, this is the app for you. It gives guidelines simply and explains each step as to why you need to do this and that and change things.
As soon as you open the app, it scans and tells you if there are traces of Pegasus in your phone. This system of automated checks, as well as education, is excellent. Strictly follow the step-by-step instructions. It trains you to understand your device better and relate to it.
iVerify includes automated checks for device security, Face ID, screen-lock and iOS version status. It also has a newsfeed and adds DNS over HTTPS, Force HTTPS and metadata stripping features. This vastly improves online security. The tips and suggestions it provides are helpful. It will remind you when to reboot your phone. It will guide you into securing your device by using the built-in settings.
However, sometimes the steps given do not match what you see in the Settings menu. Perhaps future iterations will improve on this.
Send in your problems to email@example.com with TechTonic as the subject line