Apple sues Pegasus for spyware maker. How to check if your iPhone has NSO Group software
The odds are low your iPhone or iPad is infected by Pegasus spyware, but here's how to check just in case.
Jason CiprianiContributing Writer, ZDNet
Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET in the How To section, as well as across several more online publications.
In the ongoing battle between Apple and the Pegasus spyware, the iPhone maker today said it was suing the NSO Group -- the maker of surveillance software. Apple said it is seeking to protect its users from "further abuse and harm" with a permanent injunction to ban NSO Group from using the iPhone maker's hardware, software or devices, Apple said in a release.
The spyware can be remotely installed on a target's iPhone or iPad, granting the person or organization who installed it full access to the device and all the data it holds -- without the owner taking any action. That includes text messages, emails and even recording phone calls. Pegasus was originally designed and is marketed by its creator the NSO Group to monitor criminals and terrorists.
While's there probably little chance a government entity would install Pegasus on your iPhone to monitor your activities, if you are curious, there's a free tool that allows you to check your iPhone or iPad with a few clicks. To be clear, the odds of your iPhone or iPad being infected by the Pegasus spyware are low. That said, if you want peace of mind -- just in case -- here's what you need to do, along with installing the iOS update.
Watch this: We go hands-on with Apple's new $99 MagSafe Battery Pack
Download and install iMazing's app on your Mac or PC
Download iMazing for your computer from the company's website. Don't worry about buying the app: You can run the full spyware test using just the free trial.
Install iMazing and open it. When prompted, select the free trial.
How to run the Pegasus Spyware scan on your iPhone or iPad
With iMazing installed and running, connect your iPhone or iPad to the computer. You may have to enter the Lock Screen code on your device to approve the connection before proceeding (something to keep in mind if your iPhone or iPad isn't showing up in iMazing).
Next, scroll down through the action options on the right-hand side of iMazing until you locate Detect Spyware; click it.
A new window will open, guiding you through the process. The tool works by creating a local backup of your device (so you'll need to make sure you have enough storage space for the backup), and then analyzing that backup. It's an automated task, so you don't have to stick around to monitor it once you click start.
iMazing suggests leaving all of the default settings in place as you click through each screen. There are configuration options built into the tool for advanced users, but for most of us (including myself), the default configuration settings will get the job done.
After going through the basic configuration, you'll need to accept a license for the tool and then click the Start Analysis button.
Once the process starts, make sure you leave your iPhone or iPad connected until it's finished. I ran the test on my iPhone 12 Pro and it took around 30 minutes to create the backup and another five minutes for it to be analyzed. After the backup was created, I did have to enter my account password to allow iMazing to begin analyzing the file. Because of that, I recommend starting the tool and checking on it after a while.
When iMazing finishes, you'll see an alert with the results. In my case, my iPhone 12 Pro showed no signs of infection and had 0 warnings.
The alert also includes two buttons to open or reveal the report. I looked through my report, and it contained a bunch of random links that meant nothing to me.
What to do if the iMazing app says your device has signs of an infection
First of all, don't panic. It could be a false positive. If this happens, iMazing asks that you send the report (click Reveal Report to go directly to the file) to its customer support team for further analysis. The company does suggest, however, that if you or a family member are active in a "politically sensitive context" and have a positive report to immediately remove your SIM card and turn off your iPhone or iPad.
If your phone is not infected, you still want to install the latest update on your iPhone, iPad, Apple Watch and Mac, which addresses the vulnerability.