Over the weekend, an international consortium of news outlets reported that several authoritarian governments — including Mexico, Morocco and the United Arab Emirates — used spyware developed by NSO Group to hack into the phones of thousands of their most vocal critics, including journalists, activists, politicians and business executives.
A leaked list of 50,000 phone numbers of potential surveillance targets was obtained by Paris-based journalism nonprofit Forbidden Stories and Amnesty International and shared with the reporting consortium, including The Washington Post and The Guardian. Researchers analyzed the phones of dozens of victims to confirm they were targeted by the NSO's Pegasus spyware, which can access all of the data on a person's phone. The reports also confirm new details of the government customers themselves, which NSO Group closely guards. Hungary, a member of the European Union where privacy from surveillance is supposed to be a fundamental right for its 500 million residents, is named as an NSO customer.
The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices, but slightly differently. Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones.
The toolkit works on the command line, so it's not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal. We got it working in about 10 minutes, plus the time to create a fresh backup of an iPhone, which you will want to do if you want to check up to the hour.
[Also Covered By]: GIZMODO
(Score: 4, Insightful) by Runaway1956 on Wednesday July 21 2021, @09:15AM (6 children)
The command line, or CLI, is as refined and polished as things get. Anything and everything else that runs on top of, or above, the CLI is an obfuscation that separates you from the operating system. Got an application that doesn't work? You have no clue why it's not working? Fire up a CLI and invoke your application, and read the errors. Now you have something to report to the IT guy!
"Your application, 'Groovin with Bart', "eat my shorts at line 241: error 37 No shorts found."
(Score: 2) by PiMuNu on Wednesday July 21 2021, @12:27PM (2 children)
CLI is obfuscated by bash (or whatever is common nowadays).
(Score: 2) by Subsentient on Wednesday July 21 2021, @04:11PM (1 child)
Bash is still dominant. Cmon, bash is good, and it's been around for decades. It actually improves upon POSIX shell in meaningful ways, and everybody knows bash.
"It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
(Score: 3, Touché) by PiMuNu on Wednesday July 21 2021, @04:43PM
I know, just being pedantic.
(Score: 2) by fakefuck39 on Wednesday July 21 2021, @06:01PM
well, this CLI does not work for my android phone, and I have no idea why it's not working. Of course, i have a weird degoogled rom, and half the apps don't work either. but I'm also pretty sure Pegasus wouldn't work on it either. What's annoying is half the banks out there only give you the chat and check deposit options through their banking app, which don't run on my phone, and not on their website.
(Score: 0) by Anonymous Coward on Thursday July 22 2021, @06:10PM (1 child)
(Score: 3, Touché) by Runaway1956 on Thursday July 22 2021, @08:31PM
I can beat CLI. I drive analog.