Submitted by Stigmata in Privacy (edited)

If you are concerned about possible infection with the NSO spyware, you can use MVT in conjunction with Amnesty International's intrusion indicators to detect infection on iOS and Android devices.

MVT

Amnesty International IOCs for NSO malware

6
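How indicator matching of this kind works in principle, as an added example (not part of the original post and not MVT's own code): it reads domain indicators from a STIX 2 bundle and checks URLs extracted from a device against them. The bundle, domains and URLs are constructed placeholders, the function names are hypothetical, and it assumes indicators use the simple STIX pattern form `[domain-name:value='...']`.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2 bundle; the domains are reserved placeholder names,
# not real indicators.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "malware", "name": "placeholder-family"},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[domain-name:value='bad-cdn.example']"},
        {"type": "indicator", "pattern_type": "stix",
         "pattern": "[domain-name:value='tracker.invalid']"},
    ],
})

# Constructed URLs standing in for history extracted from a device backup.
SAMPLE_URLS = [
    "https://news.example.org/article?id=1",
    "https://api.bad-cdn.example/x/y",   # subdomain of an indicator
    "http://notbad-cdn.example/",        # look-alike suffix, must not match
    "not a url",                         # malformed record, must be skipped
]

DOMAIN_RE = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_indicators(bundle_text):
    """Return lower-cased domains from simple STIX domain-name patterns."""
    domains = set()
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # bundles also carry non-indicator objects
        m = DOMAIN_RE.fullmatch(obj.get("pattern", "").strip())
        if m:
            domains.add(m.group(1).lower().rstrip("."))
    return domains

def match_urls(urls, domains):
    """Return (url, indicator) pairs where the host is the indicator or a subdomain."""
    hits = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        for d in sorted(domains):
            if host == d or host.endswith("." + d):
                hits.append((url, d))
    return hits

if __name__ == "__main__":
    print(match_urls(SAMPLE_URLS, load_domain_indicators(SAMPLE_BUNDLE)))
```

An empty result only means none of the listed indicators appeared in the data examined.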

Comments


celebratedrecluse wrote

Thank you for sharing

I think tools like this are less useful to the average person than simply wiping or replacing devices, because they're inherently limited in their diagnostics, much like any antivirus software etc.

2

celebratedrecluse wrote (edited)

It's a limitation of a centralized system, which the conventional antivirus or antimalware applications always seem to be. The limitation is on information processing, and also who is to do all of the intellectual labor (can't just automate that, yet...) to find the 0days and upload heuristics and code to remove the 0days, etc.

All of our technology digitally is basically broken, and we are just constantly discovering new ways in which it is broken. As far as the military-sponsored, North American internet project, I think it may be better to simply create new networks that use different software but somehow recycle the existing hardware. This will require extensive reverse engineering, which will only be possible if insiders in the computing hardware industry (especially mobiles) leak code and secrets which keep the technology ossified and proprietary.

Imagine, you can flash the modem and bootloader and everything on your cell phone, and actually have a modicum of privacy or security without sacrificing the use-value of the phone. More than that, it could run background operations (consensually) to run the mesh network. Tying use of the network to facilitating traffic, à la Freenet and I2P (but not Tor, which is pretty clearly divided between users and servers/hops) etc., will be key. Also, using the internet as a fallback will be necessary to grow the mesh to sufficient size and reliability across geography.

This sort of project is counter-infrastructural, as it reappropriates capitalist technology for a different purpose: the free sharing of information and social connectivity, for the benefit and safety of all.

2

Stigmata OP wrote

I can see what you mean. Yeah, this tool is more useful for a technician who is looking to confirm a suspected infection. It can give you a clue as to whether you need to mitigate a possible leak.

But of course if you suspect infection you should thoroughly wipe your device.

Just as a side note, if anyone is reading this because they are thinking they need to wipe their device: not all ways of wiping are created equal. Make sure you are fully wiping your device, not just clearing the settings.

Unfortunately, most information for good security practices comes from national intelligence agencies, and GCHQ in Britain has published good information regarding secure wiping of devices that are suspected to be infected. For iOS specifically, you need to use DFU mode to restore the device to a fully clean state.

More guidance is on the GCHQ site: https://www.ncsc.gov.uk/collection/device-security-guidance/managing-deployed-devices/erasing-devices

2