Every time there’s a report about an iPhone or iPad exploit being actively distributed and used, it’s unnerving. In July, it was revealed that security researchers discovered evidence of Pegasus spyware being used on the phones of journalists, politicians and activists.
The spyware can be remotely installed on a target’s iPhone or iPad without the owner taking any action, granting the person or organization who installed it full access to the device and all the data it holds. That includes text messages, emails and even recording phone calls. Pegasus was originally designed and is marketed by its creator, the NSO Group, to monitor criminals and terrorists.
I think it’s only natural to wonder if your devices are infected whenever reports like this surface, even though there’s no reason for any government entity to want to monitor my iPhone use. That is, unless they really want to know how much time I spend on TikTok every day. And in that case, they can just ask. (Spoiler: It’s a lot.) For those who are curious, like me, there’s now a free tool that allows you to check your iPhone or iPad with a few clicks of the mouse.
To be clear, the odds of your iPhone or iPad being infected by the Pegasus Spyware are low, and various reports claim that the most recent update, iOS 14.7.1, fixed the exploit Pegasus was using, but that hasn’t been confirmed by Apple. That said, if you want peace of mind — just in case — by knowing that your device is free of anyone spying on you, here’s what you need to do.
Download and install iMazing’s app on your Mac or PC
iMazing recently updated its Mac and PC app to include Amnesty International’s Mobile Verification Toolkit (MVT) which was built to detect signs of Pegasus on a device and isn’t charging users to access the feature.
Download iMazing for your respective computer from the company’s website. Don’t worry about buying the app, we can run the full spyware test using the free trial.
After it’s downloaded, install iMazing and then open it. When prompted, select free trial.
How to run the Pegasus Spyware test on your iPhone or iPad
With iMazing installed and running, connect your iPhone or iPad to your computer using the appropriate cable. You may have to enter your Lock Screen code on your device to approve the connection before proceeding (something to keep in mind if your iPhone or iPad isn’t showing up in iMazing).
Next, scroll down through the action options on the right-hand side of iMazing until you locate Detect Spyware; click on it.
A new window will open, guiding you through the process. The tool works by creating a local backup of your device (so you’ll need to make sure you have enough storage space for the backup), and then analyzing that backup. It’s an automated task, so you don’t have to stick around to monitor it once you click start.
iMazing suggests leaving all of the default settings in place as you click through each screen. There are configuration options built into the tool for advanced users, but for most of us (including myself), the default configuration settings will get the job done.
After going through the basic configuration, you’ll need to accept a license for the tool and then click the Start Analysis button.
Once the process starts, make sure you leave your iPhone or iPad connected until it’s finished. I ran the test on my iPhone 12 Pro and it took around 30 minutes to create the backup and another 5 minutes for it to be analyzed. After the backup was created, I did have to enter my account password to allow iMazing to begin analyzing the file. Because of that, I recommend starting the tool and checking on it after a while.
Once iMazing begins analyzing your device’s backup, it’ll show you its progress by displaying each individual app it’s checking, starting with iMessage. The app is using a database of known “malicious email addresses, links, process names and file names“
When iMazing finishes, you’ll see an alert with the results. In my case, my iPhone 12 Pro did not show any signs of infection and had 0 warnings.
The alert also includes two buttons to either open or reveal the report. I looked through my report and it contained a bunch of random links that meant nothing to me.
What to do if the iMazing app says your device has signs of an infection
First of all, don’t panic. It could be a false positive. iMazing asks that you send the report (click reveal report to go directly to the file) to its customer support team who will then do further analysis.
The company does suggest, however, that if you or a family member are active in a “politically sensitive context” and have a positive report to immediately remove your SIM card and turn your iPhone off.
Again, the odds of getting a true positive report are very low, but at least you’ll have some peace of mind. For more security tips, double-check these settings. For added privacy, go through these steps.