The spyware Pegasus, developed by the Israeli NSO Group, was originally promoted as a tool to combat terrorism and organized crime. In reality, however, it has often been used against individuals who have committed no crimes:
- Journalists
- Human rights activists
- Opposition members and whistleblowers
For many of them, Pegasus has meant not protection but intimidation, persecution, and surveillance. Even Swiss authorities have reportedly used Pegasus, as highlighted in a report by the NZZ.
In this article, we will show you how even non-experts can use the open source software MVT (Mobile Verification Toolkit) to check whether an iPhone has been compromised.
Zero-Click Attacks: No Interaction Needed
One particularly insidious feature of Pegasus is the so-called zero-click attack: a silent call or message via iMessage or WhatsApp is enough to compromise a device—no user interaction is required. This means that even careful users can be infected without noticing.
📱 No action on the part of the person concerned is required.
A silent call via FaceTime, a prepared iMessage or an invisible WhatsApp message is all it takes - and Pegasus installs itself in the background. Without notice, without confirmation, without a trace in the user interface.
What can you do? MVT helps in the search for clues
The Mobile Verification Toolkit (MVT) from Amnesty Tech is a free, open source tool for finding evidence of Pegasus infections on iOS and Android devices. It requires Python to be installed. Using it is not entirely trivial, but it is feasible for technically interested laypersons.
MVT runs on the following platforms:
- macOS
- Linux/Unix
- Windows
In the following, we show the application under macOS, as it works most stably there and can work directly with local iPhone backups.
Step-by-step instructions (macOS)
Requirements:
- A Mac with terminal access
- Homebrew installed
- An iPhone backup (local, unencrypted)
1. Install MVT
brew install mvt
2. Create a local iPhone backup
- Connect the iPhone to the Mac via USB
- Open Finder → Select device → “Back up now”
- Important: Backup must NOT be encrypted
3. Update Pegasus signatures (optional, but recommended)
So that MVT is up to date:
mvt-ios download-iocs
4. Start analysis
MVT then checks the backup against the current IOC database on its own. Here is an example call:
mvt-ios check-backup "$HOME/Library/Application Support/MobileSync/Backup/00009999-000123456789ABCD"
Replace the path with the path to your own iPhone backup. If successful, an analysis report will be created in the current directory.
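A pre-flight check for steps 2 and 4, as an added example that is not part of the original article or of MVT: it reads each backup's Manifest.plist, lists the backups newest first with their encryption state, and prints a check-backup call for the newest unencrypted one. The helper names and the output folder mvt-results are assumptions; the script relies on the IsEncrypted, Date and Lockdown entries normally present in a Finder backup's Manifest.plist.

```python
import plistlib
import shlex
import sys
from datetime import datetime
from pathlib import Path

# Default location of local Finder backups on macOS (the folder used in step 4).
BACKUP_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"

def list_backups(root=BACKUP_ROOT):
    """Describe every backup folder under root, newest first."""
    root = Path(root)
    found = []
    for manifest in root.glob("*/Manifest.plist") if root.is_dir() else []:
        try:
            with open(manifest, "rb") as fh:
                data = plistlib.load(fh)
        except Exception:
            continue  # unreadable or damaged manifest: skip this folder
        lockdown = data.get("Lockdown", {})
        found.append({
            "path": manifest.parent,
            "encrypted": bool(data.get("IsEncrypted", False)),
            "date": data.get("Date", datetime.min),
            "device": lockdown.get("DeviceName", "unknown"),
            "ios": lockdown.get("ProductVersion", "unknown"),
        })
    return sorted(found, key=lambda b: b["date"], reverse=True)

def newest_unencrypted(backups):
    """Return the most recent backup that is not encrypted, or None."""
    return next((b for b in backups if not b["encrypted"]), None)

def mvt_command(backup, output_dir="mvt-results"):
    """Build the check-backup call; --output tells MVT where to write its results."""
    return ["mvt-ios", "check-backup", "--output", str(output_dir), str(backup["path"])]

if __name__ == "__main__":
    backups = list_backups(sys.argv[1] if len(sys.argv) > 1 else BACKUP_ROOT)
    for b in backups:
        state = "encrypted" if b["encrypted"] else "unencrypted"
        print(f'{b["path"].name}  {b["date"]:%Y-%m-%d}  {b["device"]} (iOS {b["ios"]})  {state}')
    chosen = newest_unencrypted(backups)
    if chosen is None:
        sys.exit("No unencrypted backup found; create one as described in step 2.")
    print("Run:", shlex.join(mvt_command(chosen)))
```

The script only reads the manifests and prints the command; it does not start MVT itself.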
What happens if traces are found?
Even a positive result does not automatically mean that the device is currently infected. It means that the backup contains suspicious artifacts that match known Pegasus activity. Nevertheless, immediate action is then advisable, for example contacting a forensics initiative (e.g. Amnesty Tech or Citizen Lab) or the CCC. In our opinion, the FedPol should also deal with the issue in Switzerland if someone is being unlawfully monitored.
Further risks in the background
Even though Pegasus is officially sold as a targeted surveillance tool, it is not transparent exactly what the software does and who has access to the data:
- Access to camera and microphone
- Interception of messages, passwords, location data
- Spying even with encrypted messengers
- Manipulation of files and communication
This makes Pegasus a potential Trojan horse for third-party agendas and also poses a security risk for the state that uses it:
- Lack of control: The complex and secretive nature of Pegasus makes it difficult to keep track of all vulnerabilities and side effects.
- Risk of misuse: If the software is stolen, copied or hacked, adversaries or cybercriminals could use it to attack or spy on the state itself.
- Political and legal risks: Its use can lead to political scandals, loss of trust and legal consequences that weaken the state.
- Technical risks: Pegasus can unintentionally disclose sensitive information or open security gaps in the state's own IT systems.
Conclusion
Pegasus shows how quickly surveillance can get out of hand. This makes it all the more important to protect yourself with tools such as MVT - or at least to be able to recognize indications of attacks. This is an important element of digital self-defense, especially for people in politically sensitive or investigative professions.