Spyware Analyzer Improvements
In July 2021, we integrated Amnesty International's MVT open-source command line tool for detecting NSO Group’s Pegasus spyware on iOS devices into iMazing, providing users with a simple front-end to detect if their device might have been compromised.
Since then, iMazing's Spyware Analyzer has found between approximatively 20 instances of Pegasus-compromised devices. We wholly appreciate the trust users of these devices have placed in us, and we hope they remain free from any unjust prosecution or persecution.
During recent discussions surrounding the refresh of our website, we decided to build a page specifically for Spyware Analyzer. Previously, information about this feature only existed in a blog post announcing the feature.
The motivation at that time—just a couple months ago now—was to explain that in the 18 months since Pegasus gained notoriety, updates to iOS and iPadOS have greatly reduced the possibility of infection by Pegasus, as well as Predator, another spyware that was detected around the same time.
Predator was developed by Cytrox, a firm that ceased operations in 2019. NSO Group claims to no longer be selling its spyware to questionable groups, although it still very much remains in the business of offensive cyber tools: "Head of Israeli Cyber Firm NSO Group Reaffirms Company Commitment to Spyware,” The Wall Street Journal, 26 Jan 2023.
In other words, the utility of iMazing's Spyware Analyzer tool wasn't what it had been.
Or so we thought.
In recent weeks, others nefarious spywares have emerged: KingsPawn, and more recently Operation Triangulation.
KingsPawn was developed by a firm named QuaDream, which shut operations in April 2023, following the public disclosure of its spyware, which was first detected by Microsoft Threat Intelligence.
We have since updated the STIX files that iMazing’s Spyware Analyzer uses to detect KingsPawn. iMazing now scans for these instances of spyware on iPhones and iPads:
- Pegasus from NSO Group (more info from Amnesty Tech)
- Predator from Cytrox (more info from Citizen Lab)
- KingsPawn from QuaDreams (more info from Citizen Lab)
- Operation Triangulation from an unknown source (more info from Kaspersky)
Stalkerware and Watchware Detection
In addition, leveraging support from the community (Github), iMazing can now detect dozens instances of "stalkerware" and “watchware” running on a device. The full list of such products and services is exhaustive, and can be read here.
Unlike spyware, which is generally deployed clandestinely by government-affiliated groups against high-value targets, stalkerware and watchware apps are commercially developed and distributed. These products are often positioned as tools that enable parents to monitor their children, but can also potentially be used surreptitiously to monitor people without their knowledge or consent.
That said, we can’t underscore this important point enough: iMazing's detection mechanisms can trigger false-positives, so an indicator of compromise does not necessarily mean your device has been compromised.
Case in point: simply visiting mmspy.com in Safari (a benign interaction with a legitimate company, but one that develops watchware) will trigger an alert when iMazing's Spyware Analyzer scans your Safari data that your device might be associated with mSpy. If that is the only indicator of compromise iMazing reports, it’s unlikely that your device actually has mSpy installed on it.
It is therefore very important to remain calm and judicious with any flags that iMazing's Spyware Analyzer raises, and to investigate the legitimacy of any threat to you and your data.
We remain ready to review any results and provide high-level advice, if desired, just contact us.
Spyware Analyzer: Free Forever
DigiDNA is committed to providing the best tools for iPhone and iPad users to determine if their devices are compromised in any way. When we initially developed iMazing's Spyware Analyzer in 2021, we didn't expect this subject to still be relevant today, but the reality of the world is that it is remains as relevant as ever.
Out of respect for our belief in the fundamental right of individuals to privacy, we are happy to provide iMazing's Spyware Analyzer capabilities free of charge to the user community.
