mirror of
https://github.com/privacyguides/i18n.git
synced 2025-07-17 06:02:41 +00:00
New Crowdin translations by GitHub Action
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
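Review bot: the admonition title is now literal text in `<p class="admonition-title">This is an advanced topic</p>`, so it has to be translated per locale file, and in this hunk both the title and the body are still English. Please confirm the title inside the `<p>` tag is exposed to translators as its own string. Also confirm the site build honours the `markdown` attribute on `<div class="admonition note" markdown>`, since the body text is no longer indented under a `!!! note` marker.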
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
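Review bot: punctuation is inconsistent in the danger block and the paragraph after it. The support line mixes a straight apostrophe in "Amnesty International's" with a typographic one in "Access Now’s", and the false-positive paragraph alternates between "false-positives" and "false positives". Suggest picking one form for each in the source string so every locale inherits the same text. The warning itself (public indicators alone cannot show a device is "clean") reads clearly and should stay prominent after the markup change.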
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
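Review bot: nesting needs a render check where `<details class="downloads" markdown>` sits inside `<div class="admonition recommendation" markdown>`. The download list items are now flush-left between `<summary>Downloads</summary>` and `</details>`, so they only render as a list if Markdown processing is applied inside both the outer div and the nested details element. Please verify in a built preview that the two install links render as a list, and that the `</details>` and `</div>` closers come before the new `<div class="admonition warning" markdown>` block so the MVT warning is not swallowed into the collapsed downloads section.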
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
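Review bot: attribute style is inconsistent on the documentation link, `{ .card-link title=Documentation}`, which has an unquoted title and no space before the closing brace, while the line above it uses `{ .card-link title="Privacy Policy" }`. Suggest `{ .card-link title="Documentation" }` so the attribute lists are uniform and do not break if the title is ever translated into a multi-word string.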
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
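Review bot: the stalkerware sentence after the Hypatia card uses the non-descriptive link text "visit this page" for the stopstalkerware.org survivor information. Suggest link text that names the destination, which reads better for screen readers and survives translation more reliably. The sentence also capitalises "If" after a colon, which is inconsistent with the rest of the page. Separately, `title=Contribute }` at the top of the hunk is unquoted while the neighbouring `title="Source Code"` is quoted.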
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
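Review bot: The attribute lists in this hunk's context lines are inconsistent: `title="Privacy Policy"` is quoted, while `{ .card-link title=Documentation}` is unquoted and has no space before the closing brace. Since the block is being restructured here anyway, suggest normalising to `{ .card-link title="Documentation" }` so that a later multi-word title does not silently truncate.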
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
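Review bot: The replacement for `!!! warning` opens only after `</details>` and `</div>`, so "Using MVT is insufficient..." becomes a sibling of the recommendation card rather than part of it. If the old admonition was nested under the recommendation, this moves the caveat out of the card. Please confirm the rendered page still shows the warning directly beneath the MVT entry, since this is the text that tells readers a clean scan proves nothing.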
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
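Review bot: on the Documentation card link in this hunk, `{ .card-link title=Documentation}` leaves the title unquoted and drops the space before the closing brace, while the Privacy Policy link directly above it uses `{ .card-link title="Privacy Policy" }`. This hunk already touches the lines right below, so I'd normalise it to `{ .card-link title="Documentation" }` in the source string to keep the attribute lists consistent. `title=Contribute }` and `title=Documentation}` in the Auditor, Hypatia and iVerify hunks have the same form.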
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,80 +7,86 @@ cover: device-integrity.webp
|
||||
|
||||
Estas herramientas pueden utilizarse para validar la integridad de tus dispositivos móviles y comprobar si presentan indicadores de compromiso por programas espía y maliciosos como Pegasus, Predator o KingsPawn. Esta página se centra en la **seguridad móvil**, porque los dispositivos móviles suelen tener sistemas de solo lectura con configuraciones bien conocidas, por lo que detectar modificaciones maliciosas es más fácil que en los sistemas de escritorio tradicionales. Es posible que en el futuro ampliemos el contenido de esta página.
|
||||
|
||||
!!! nota "Este es un tema avanzado"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
Estas herramientas pueden resultar útiles para determinadas personas. Proporcionan funcionalidades de las que la mayoría de la gente no necesita preocuparse, y a menudo requieren conocimientos técnicos más profundos para utilizarlas con eficacia.
|
||||
```
|
||||
Estas herramientas pueden ser útiles para determinadas personas. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
|
||||
Es **crítico** entender que escanear tu dispositivo en busca de indicadores públicos de compromiso no es **suficiente** para determinar que un dispositivo está "limpio" y no es el objetivo de una herramienta de spyware en particular. Confiar en estas herramientas de escaneado de acceso público puede pasar por alto los últimos avances en materia de seguridad y darte una falsa sensación de seguridad.
|
||||
</div>
|
||||
|
||||
## Consejo General
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
La mayoría de los exploits a nivel de sistema en los dispositivos móviles modernos -especialmente los de tipo zero-click- no son persistentes, lo que significa que no permanecen ni se ejecutan automáticamente tras un reinicio. Por este motivo, recomendamos encarecidamente reiniciar el dispositivo con regularidad. Recomendamos a todo el mundo que reinicie sus dispositivos una vez a la semana como mínimo, pero si el malware no persistente te preocupa especialmente, nosotros y muchos expertos en seguridad recomendamos un programa de reinicio diario.
|
||||
## General Advice
|
||||
|
||||
Esto significa que un atacante tendría que reinfectar regularmente tu dispositivo para mantener el acceso, aunque cabe señalar que esto no es imposible. Reiniciar tu dispositivo tampoco te protegerá contra el malware _persistente_, pero esto es menos común en los dispositivos móviles debido a las modernas características de seguridad como el arranque seguro/verificado.
|
||||
The majority of system-level exploits on modern mobile devices—especially zero-click compromises—are non-persistent, meaning they will not remain or run automatically after a reboot. For this reason, we highly recommend rebooting your device regularly. We recommend everybody reboot their devices once a week at minimum, but if non-persistent malware is of particular concern for you, we and many security experts recommend a daily reboot schedule.
|
||||
|
||||
## Información Posterior al Compromiso y Descargo de Responsabilidad
|
||||
This means an attacker would have to regularly re-infect your device to retain access, although we'll note this is not impossible. Rebooting your device also will not protect you against _persistent_ malware, but this is less common on mobile devices due to modern security features like secure/verified boot.
|
||||
|
||||
Si alguna de las siguientes herramientas indica un posible compromiso por parte de programas espía como Pegasus, Predator o KingsPawn, te aconsejamos que te pongas en contacto con:
|
||||
## Post-Compromise Information & Disclaimer
|
||||
|
||||
- Si eres un defensor de los derechos humanos, periodista o perteneces a una organización de la sociedad civil: [Laboratorio de Seguridad de Amnistía Internacional](https://securitylab.amnesty.org/contact-us/)
|
||||
- Si un dispositivo empresarial o gubernamental se ve comprometido: Ponte en contacto con el responsable de seguridad de tu empresa, departamento o agencia
|
||||
- Fuerzas y cuerpos de seguridad locales
|
||||
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
|
||||
|
||||
**No podemos ayudarte directamente más allá de esto.** Estamos encantados de discutir tu situación específica o circunstancias y de revisar tus resultados en nuestros espacios de [community](https\://discuss. rivacyguides.net), pero es poco probable que podamos ayudarte más allá de lo que está escrito en esta página.
|
||||
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us/)
|
||||
- If a business or government device is compromised: Contact the appropriate security liason at your enterprise, department, or agency
|
||||
- Local law enforcement
|
||||
|
||||
Las herramientas de esta página solo son capaces de detectar indicadores de compromiso, no de eliminarlos. Si te preocupa haber sido comprometido, te aconsejamos que:
|
||||
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
|
||||
|
||||
- Considera la posibilidad de sustituir el dispositivo por completo
|
||||
- Considera cambiar tu número SIM/eSIM
|
||||
- No restaures a partir de una copia de seguridad, porque esa copia puede estar comprometida
|
||||
The tools on this page are only capable of detecting indicators of compromise, not removing them. If you are concerned about having been compromised, we advise that you:
|
||||
|
||||
Estas herramientas ofrecen análisis basados en la información a la que pueden acceder desde tu dispositivo, así como indicadores de compromiso de acceso público. Es importante tener en cuenta dos cosas:
|
||||
- Consider replacing the device completely
|
||||
- Consider changing your SIM/eSIM number
|
||||
- Not restore from a backup, because that backup may be compromised
|
||||
|
||||
1. Los indicadores de compromiso son solo eso: _indicadores_. No son un hallazgo definitivo, y ocasionalmente pueden ser **falsos positivos**. Si se detecta un indicador de compromiso, significa que debes realizar una investigación adicional sobre la amenaza _potencial_.
|
||||
2. Los indicadores de peligro que buscan estas herramientas son publicados por organizaciones de investigación de amenazas, ¡pero no todos los indicadores se ponen a disposición del público! Esto significa que estas herramientas pueden presentar un **falso negativo**, si tu dispositivo está infectado con spyware que no es detectado por ninguno de los indicadores públicos. Un apoyo y triaje forense digital fiable y completo requiere acceso a indicadores no públicos, investigación e inteligencia sobre amenazas.
|
||||
These tools provide analysis based on the information they have the ability to access from your device, and publicly-accessible indicators of compromise. It is important to keep in mind two things:
|
||||
|
||||
## Herramientas de Verificación Externas
|
||||
1. Indicators of compromise are just that: _indicators_. They are not a definitive finding, and may occasionally be **false positives**. If an indicator of compromise is detected, it means you should do additional research into the _potential_ threat.
|
||||
2. The indicators of compromise these tools look for are published by threat research organizations, but not all indicators are made available to the public! This means that these tools can present a **false negative**, if your device is infected with spyware which is not detected by any of the public indicators. Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Las herramientas de verificación externas se ejecutan en el ordenador y escanean el dispositivo móvil en busca de rastros forenses que resulten útiles para identificar un posible compromiso.
|
||||
## External Verification Tools
|
||||
|
||||
!!! danger "Peligro"
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
```
|
||||
Los indicadores públicos de compromiso son insuficientes para determinar que un dispositivo está "limpio" y no es el objetivo de una herramienta espía concreta. Confiar únicamente en indicadores públicos puede pasar por alto rastros forenses recientes y dar una falsa sensación de seguridad.
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
Un apoyo y un triaje forenses digitales fiables y completos requieren acceso a indicadores no públicos, investigación e inteligencia sobre amenazas.
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Este tipo de apoyo está disponible para la sociedad civil a través de [Laboratorio de Seguridad de Amnistía Internacional](https://www.amnesty.org/es/tech/) o [Línea de Ayuda de Seguridad Digital de Access Now](https://www.accessnow.org/help/).
|
||||
```
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
|
||||
</div>
|
||||
|
||||
Estas herramientas pueden desencadenar falsos positivos. Si alguna de estas herramientas detecta indicadores de peligro, debes profundizar para determinar el riesgo real. Algunos informes pueden ser falsos positivos basados en sitios web que has visitado en el pasado, y los hallazgos que tienen muchos años de antigüedad probablemente sean falsos positivos o indiquen un compromiso anterior (y ya no activo).
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation "Recomendación"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) es una colección de utilidades que simplifica y automatiza el proceso de escaneo de dispositivos móviles en busca de posibles rastros de ataques o infecciones por campañas de spyware conocidas. MVT fue desarrollado por Amnistía Internacional y publicado en 2021 en el contexto del [Proyecto Pegasus](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
|
||||
[:octicons-home-16: Página Principal](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Código Fuente" }
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads "Descargas"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning "Advertencia"
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
El uso de MVT no es suficiente para determinar que un dispositivo está "limpio" y no es objetivo de una herramienta espía concreta.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT es _más_ útil para escanear dispositivos iOS. Android almacena muy poca información de diagnóstico útil para triar posibles compromisos, y debido a esto las capacidades de `mvt-android` también son limitadas. Por otro lado, las copias de seguridad cifradas de iTunes para iOS proporcionan un subconjunto de archivos almacenados en el dispositivo lo suficientemente grande como para detectar artefactos sospechosos en muchos casos. Dicho esto, MVT sigue proporcionando herramientas bastante útiles para el análisis tanto de iOS como de Android.
|
||||
|
||||
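Review bot: the Spanish body text in this hunk falls back to English instead of being carried into the new markup. In the danger admonition, "Este tipo de apoyo está disponible para la sociedad civil..." sits next to "Such support is available to civil society...", and the MVT description and the "Página Principal" / "Código Fuente" link titles likewise appear beside English counterparts that say the same thing. Only the admonition syntax around these strings changes (`!!! recommendation "Recomendación"` becomes `<div class="admonition recommendation" markdown>`), so the existing translations should be reused inside the new blocks rather than dropped.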
@ -98,22 +104,25 @@ MVT te permite realizar escaneos/análisis más profundos si tu dispositivo tien
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation "Recomendación"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** proporciona una herramienta gratuita de análisis de spyware para dispositivos iOS que actúa como un GUI-wrapper para [MVT](#mobile-verification-toolkit). Esto puede ser mucho más fácil de ejecutar en comparación con el propio MVT, que es una herramienta de línea de comandos diseñada para tecnólogos e investigadores forenses.
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
|
||||
[:octicons-home-16: Página Principal](https://imazing.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Política de Privacidad" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentación}
|
||||
[:octicons-home-16: Homepage](https://imazing.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads "Descargas"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automatiza y te guía de forma interactiva a través del proceso de uso de [MVT](#mobile-verification-toolkit) para escanear tu dispositivo en busca de indicadores de compromiso de acceso público publicados por varios investigadores de amenazas. Toda la información y advertencias que se aplican a MVT se aplican también a esta herramienta, por lo que te sugerimos que te familiarices también con las notas sobre MVT de las secciones anteriores.
|
||||
|
||||
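Review bot: the documentation card link in this hunk is written `{ .card-link title=Documentation}`, with an unquoted attribute value and no space before the closing brace, while the line directly above it uses `{ .card-link title="Privacy Policy" }`. The same pattern is visible on the Spanish line (`title=Documentación}`). Quoting the value and matching the spacing, `{ .card-link title="Documentation" }`, keeps the attribute lists consistent and stays safe if a translated title ever contains a space.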
@ -121,34 +130,38 @@ iMazing automatiza y te guía de forma interactiva a través del proceso de uso
|
||||
|
||||
Se trata de aplicaciones que puedes instalar y que comprueban el dispositivo y el sistema operativo en busca de signos de manipulación y validan la identidad del dispositivo.
|
||||
|
||||
!!! warning "Advertencia"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
El uso de estas aplicaciones no basta para determinar que un dispositivo está "limpio" y no es objetivo de una herramienta de spyware concreta.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation "Recomendación"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Auditor** es una aplicación que aprovecha las características de seguridad del hardware para supervisar la integridad del dispositivo validando activamente la identidad de un dispositivo y la integridad de su sistema operativo. Actualmente, solo funciona con GrapheneOS o con el sistema operativo original de [dispositivos compatibles](https://attestation.app/about#device-support).
|
||||
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
|
||||
|
||||
[:octicons-home-16: Página Principal](https://attestation.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Política de Privacidad" }
|
||||
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentación}
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Código Fuente" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribuir }
|
||||
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "Descargas"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor no es una herramienta de escaneo/análisis como otras herramientas de esta página, sino que utiliza el almacén de claves respaldado por hardware de tu dispositivo para permitirte verificar la identidad de tu dispositivo y asegurarte de que el propio sistema operativo no ha sido manipulado o degradado a través de un arranque verificado. Esto proporciona una comprobación muy sólida de la integridad del propio dispositivo, pero no comprueba necesariamente si las aplicaciones a nivel de usuario que se ejecutan en el dispositivo son maliciosas.
|
||||
|
||||
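Review bot: the admonition titles in this hunk lose their localization. `!!! warning "Advertencia"` and `??? downloads "Descargas"` are paired with `<p class="admonition-title">Warning</p>` and `<summary>Downloads</summary>`, so a Spanish reader gets an English "Warning" heading over the Spanish body "El uso de estas aplicaciones no basta para determinar...". With the title now a literal HTML element it is a separate translatable string, and the existing "Advertencia", "Descargas" and "Recomendación" values should be moved into it before this lands.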
@ -170,51 +183,58 @@ Si tu [modelo de amenaza](basics/threat-modeling.md) requiere privacidad, podrí
|
||||
|
||||
Se trata de aplicaciones que puedes instalar en tu dispositivo y que lo escanean en busca de señales de peligro.
|
||||
|
||||
!!! warning "Advertencia"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
El uso de estas aplicaciones no basta para determinar que un dispositivo está "limpio" y no es objetivo de una herramienta de spyware concreta.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation "Recomendación"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Hypatia** es un escáner de malware en tiempo real de código abierto para Android, del desarrollador de [DivestOS](android.md#divestos). Accede a Internet para descargar actualizaciones de la base de datos de firmas, pero no sube tus archivos ni ningún metadato a la nube (los escaneos se realizan de forma totalmente local).
|
||||
**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
|
||||
|
||||
[:octicons-home-16: Página Principal](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Política de Privacidad" }
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Código Fuente" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribuir }
|
||||
[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "Descargas"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia es especialmente bueno en la detección de stalkerware común: Si sospechas que eres víctima de stalkerware, deberías [visitar esta página](https://stopstalkerware.org/information-for-survivors/) para obtener asesoramiento.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation "Recomendación"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** es una aplicación para iOS que escanea automáticamente tu dispositivo para comprobar los ajustes de configuración, el nivel de parches y otras áreas de seguridad. También comprueba tu dispositivo en busca de indicadores de compromiso por parte de herramientas de jailbreak o spyware como Pegasus.
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
|
||||
[:octicons-home-16: Página Principal](https://www.iverify.io/consumer){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Política de Privacidad" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentación}
|
||||
[:octicons-home-16: Homepage](https://www.iverify.io/consumer){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads "Descargas"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Como todas las aplicaciones de iOS, iVerify está limitada a lo que puede observar sobre tu dispositivo desde el iOS App Sandbox. No proporcionará un análisis tan sólido como una herramienta de análisis de sistema completo como [MVT](#mobile-verification-toolkit). Su función principal es detectar si tu dispositivo tiene jailbreak, para lo cual es eficaz, sin embargo, una hipotética amenaza que esté _específicamente_ diseñada para eludir las comprobaciones de iVerify probablemente lo conseguiría.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
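Review bot: two small wording inconsistencies in the text this hunk touches. The false-positive paragraph hyphenates the noun twice ("can trigger false-positives", "either false-positives") and leaves it open once ("may be false positives"), and the support line uses a straight apostrophe in "Amnesty International's Security Lab" but a typographic one in "Access Now’s Digital Security Helpline". Neither affects rendering, but picking one form in the source string ("false positives" as a noun, one apostrophe style) would stop the inconsistency from being copied into every locale file.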
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,80 +7,86 @@ cover: device-integrity.webp
|
||||
|
||||
Ces outils peuvent être utilisés pour valider l'intégrité de vos appareils mobiles et vérifier s'ils présentent des indicateurs de compromission par des logiciels espions et malveillants tels que Pegasus, Predator ou KingsPawn. Cette page se concentre sur la **sécurité mobile**, car les appareils mobiles ont généralement des systèmes en lecture seule avec des configurations bien connues, de sorte que la détection de modifications malveillantes est plus facile que sur les systèmes de bureau traditionnels. Nous pourrions élargir la portée de cette page dans le futur.
|
||||
|
||||
!!! note "Ceci est un sujet avancé"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
Ces outils peuvent être utiles à certaines personnes. Ils fournissent des fonctionnalités dont la plupart des gens n'ont pas besoin de s'inquiéter, et nécessitent souvent des connaissances techniques plus approfondies pour être utilisés efficacement.
|
||||
```
|
||||
Ces outils peuvent être utiles à certaines personnes. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
|
||||
Il est **critique** de comprendre que l'analyse de votre appareil à la recherche d'indicateurs publics de compromission n'est **pas suffisante** pour déterminer qu'un appareil est "propre" et qu'il n'est pas la cible d'un logiciel espion particulier. En vous fiant à ces outils d'analyse accessibles au public, vous risquez de passer à côté d'évolutions récentes en matière de sécurité et de vous donner un faux sentiment de sécurité.
|
||||
</div>
|
||||
|
||||
## Conseil général
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
La majorité des exploits au niveau du système sur les appareils mobiles modernes - en particulier les compromissions en zéro clic - sont non persistants, ce qui signifie qu'ils ne resteront pas ou ne s'exécuteront pas automatiquement après un redémarrage. C'est pourquoi nous vous recommandons vivement de redémarrer votre appareil régulièrement. Nous recommandons à chacun de redémarrer son appareil au moins une fois par semaine, mais si les logiciels malveillants non persistants vous préoccupent particulièrement, nous recommandons, comme de nombreux experts en sécurité, de procéder à un redémarrage quotidien.
|
||||
## General Advice
|
||||
|
||||
Cela signifie qu'un attaquant devrait régulièrement réinfecter votre appareil pour en conserver l'accès, bien que cela ne soit pas impossible. Le redémarrage de votre appareil ne vous protège pas non plus contre les logiciels malveillants _persistants_, mais cela est moins fréquent sur les appareils mobiles en raison des fonctions de sécurité modernes telles que le démarrage sécurisé/vérifié.
|
||||
The majority of system-level exploits on modern mobile devices—especially zero-click compromises—are non-persistent, meaning they will not remain or run automatically after a reboot. For this reason, we highly recommend rebooting your device regularly. We recommend everybody reboot their devices once a week at minimum, but if non-persistent malware is of particular concern for you, we and many security experts recommend a daily reboot schedule.
|
||||
|
||||
## Information post-compromission et avertissement
|
||||
This means an attacker would have to regularly re-infect your device to retain access, although we'll note this is not impossible. Rebooting your device also will not protect you against _persistent_ malware, but this is less common on mobile devices due to modern security features like secure/verified boot.
|
||||
|
||||
Si l'un des outils suivants indique une compromission potentielle par un logiciel espion tel que Pegasus, Predator ou KingsPawn, nous vous conseillons de contacter :
|
||||
## Post-Compromise Information & Disclaimer
|
||||
|
||||
- Si vous êtes défenseur des droits de l'homme, journaliste ou membre d'une organisation de la société civile : le [laboratoire de sécurité d'Amnesty International](https://securitylab.amnesty.org/contact-us/)
|
||||
- Si un appareil professionnel ou gouvernemental est compromis : contactez le responsable de la sécurité de votre entreprise, de votre département ou de votre agence
|
||||
- Les forces de l'ordre locales
|
||||
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
|
||||
|
||||
**Nous ne sommes pas en mesure de vous aider directement au-delà de ces conseils.** Nous sommes disposés à discuter de votre situation ou de vos circonstances particulières et à examiner vos résultats dans nos espaces [communautaires](https://discuss.privacyguides.net), mais il est peu probable que nous puissions vous aider au-delà de ce qui est écrit sur cette page.
|
||||
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us/)
|
||||
- If a business or government device is compromised: Contact the appropriate security liason at your enterprise, department, or agency
|
||||
- Local law enforcement
|
||||
|
||||
Les outils présentés sur cette page sont uniquement capables de détecter les indicateurs de compromission, et non de les supprimer. Si vous craignez d'avoir été compromis, nous vous conseillons de procéder comme suit :
|
||||
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
|
||||
|
||||
- Envisager le remplacement complet de l'appareil
|
||||
- Envisagez de changer de numéro SIM/eSIM
|
||||
- Ne pas restaurer à partir d'une sauvegarde, car cette dernière peut être compromise
|
||||
The tools on this page are only capable of detecting indicators of compromise, not removing them. If you are concerned about having been compromised, we advise that you:
|
||||
|
||||
Ces outils fournissent une analyse basée sur les informations auxquelles ils ont accès à partir de votre appareil et sur les indicateurs de compromission accessibles au public. Il est important de garder à l'esprit deux choses :
|
||||
- Consider replacing the device completely
|
||||
- Consider changing your SIM/eSIM number
|
||||
- Not restore from a backup, because that backup may be compromised
|
||||
|
||||
1. Les indicateurs de compromissions ne sont que cela : des _indicateurs_. Ils ne constituent pas un résultat définitif et peuvent parfois être des **faux positifs**. Si un indicateur de compromission est détecté, cela signifie que vous devez effectuer des recherches supplémentaires sur la menace _potentielle_.
|
||||
2. Les indicateurs de compromission recherchés par ces outils sont publiés par des organismes de recherche sur les menaces, mais tous les indicateurs ne sont pas mis à la disposition du public ! Cela signifie que ces outils peuvent présenter un **faux négatif**, si votre appareil est infecté par un logiciel espion qui n'est détecté par aucun des indicateurs publics. Une prise en charge et un triage fiables et complets en matière de criminalistique numérique nécessitent l'accès à des indicateurs non publics, à des recherches et à des renseignements sur les menaces.
|
||||
These tools provide analysis based on the information they have the ability to access from your device, and publicly-accessible indicators of compromise. It is important to keep in mind two things:
|
||||
|
||||
## Outils de vérification externes
|
||||
1. Indicators of compromise are just that: _indicators_. They are not a definitive finding, and may occasionally be **false positives**. If an indicator of compromise is detected, it means you should do additional research into the _potential_ threat.
|
||||
2. The indicators of compromise these tools look for are published by threat research organizations, but not all indicators are made available to the public! This means that these tools can present a **false negative**, if your device is infected with spyware which is not detected by any of the public indicators. Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Les outils de vérification externes s'exécutent sur votre ordinateur et analysent votre appareil mobile à la recherche de traces criminalistiques qui permettent d'identifier les compromissions potentielles.
|
||||
## External Verification Tools
|
||||
|
||||
!!! danger "Danger"
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
```
|
||||
Les indicateurs publics de compromission ne suffisent pas à déterminer qu'un appareil est "propre" et qu'il n'a pas été ciblé par un logiciel espion particulier. En se fiant uniquement aux indicateurs publics, on peut passer à côté de traces criminalistiques récentes et donner un faux sentiment de sécurité.
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
Une prise en charge et un triage fiables et complets en matière de criminalistique numérique nécessitent l'accès à des indicateurs non publics, à des recherches et à des renseignements sur les menaces.
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
La société civile peut bénéficier d'une prise en charge par l'intermédiaire du [laboratoire de sécurité d'Amnesty International](https://www.amnesty.org/en/tech/) ou de la [ligne d'assistance sur la sécurité numérique d'Access Now](https://www.accessnow.org/help/).
|
||||
```
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
|
||||
</div>
|
||||
|
||||
Ces outils peuvent déclencher des faux positifs. Si l'un de ces outils détecte des indicateurs de compromission, vous devez approfondir la question pour déterminer le risque réel. Certains rapports peuvent être des faux positifs basés sur des sites web que vous avez visités dans le passé, et les résultats qui datent de plusieurs années sont probablement soit des faux positifs, soit le signe d'une compromission antérieure (qui n'est plus active).
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) est une collection d'utilitaires qui simplifie et automatise le processus d'analyse des appareils mobiles à la recherche de traces potentielles de ciblage ou d'infection par des campagnes de logiciels espions connues. MVT a été développé par Amnesty International et publié en 2021 dans le cadre du [Projet Pegasus](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
|
||||
[:octicons-home-16: Page d'accueil](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Code source" }
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads "Téléchargements"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Téléchargements</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning "Avertissement"
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Avertissement</p>
|
||||
|
||||
```
|
||||
L'utilisation de MVT ne suffit pas à déterminer qu'un appareil est "propre" et qu'il n'est pas la cible d'un logiciel espion particulier.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT est _plus_ utile pour scanner les appareils iOS. Android stocke très peu d'informations de diagnostic utiles pour trier les compromissions potentielles, et pour cette raison, les capacités de `mvt-android` sont également limitées. Par contre, les sauvegardes iTunes iOS chiffrées fournissent un sous-ensemble suffisamment important de fichiers stockés sur l'appareil pour détecter les artefacts suspects dans de nombreux cas. Ceci étant dit, MVT fournit tout de même des outils assez utiles pour l'analyse des systèmes iOS et Android.
|
||||
|
||||
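Review bot: French readers appear to lose existing translations in this hunk: the heading "## Outils de vérification externes" and the paragraphs from "Nous ne sommes pas en mesure de vous aider directement au-delà de ces conseils." through the Danger admonition body each have an English counterpart beside them ("## External Verification Tools", "We are unable to help you directly beyond this."), while the titles "Avertissement" and "Téléchargements" stay French. The French text matches the English in meaning, so restore it from translation memory or hold the sync until the strings are re-approved, rather than publishing the page half in English. The English source line "Contact the appropriate security liason at your enterprise, department, or agency" also carries a typo ("liaison") that is better fixed upstream before it is translated.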
@ -98,22 +104,25 @@ MVT vous permet d'effectuer des analyses plus approfondies si votre appareil est
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**iMazing** fournit un outil gratuit d'analyse des logiciels espions pour les appareils iOS qui agit comme une interface graphique pour [MVT](#mobile-verification-toolkit). Il peut être beaucoup plus facile à utiliser que MVT lui-même, qui est un outil en ligne de commande conçu pour les technologues et les enquêteurs criminalistiques.
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
|
||||
[:octicons-home-16: Page d'accueil](https://imazing.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Politique de confidentialité" }
|
||||
[:octicons-home-16: Homepage](https://imazing.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads "Téléchargements"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Téléchargements</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automatise et vous guide de manière interactive tout au long du processus d'utilisation de [MVT](#mobile-verification-toolkit) pour analyser votre appareil à la recherche d'indicateurs de compromission accessibles au public et publiés par divers chercheurs en menaces. Toutes les informations et tous les avertissements qui s'appliquent à MVT s'appliquent également à cet outil. Nous vous conseillons donc de vous familiariser également avec les notes sur MVT dans les sections ci-dessus.
|
||||
|
||||
@ -121,33 +130,38 @@ iMazing automatise et vous guide de manière interactive tout au long du process
|
||||
|
||||
Il s'agit d'applications que vous pouvez installer et qui vérifient que votre appareil et votre système d'exploitation ne présentent pas de signes d'altération et qui valident l'identité de votre appareil.
|
||||
|
||||
!!! warning "Avertissement"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Avertissement</p>
|
||||
|
||||
```
|
||||
L'utilisation de ces applications ne suffit pas à déterminer qu'un appareil est "propre" et qu'il n'est pas la cible d'un logiciel espion particulier.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right } { align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Auditor** est une application qui exploite les fonctions de sécurité matérielle pour assurer la surveillance de l'intégrité des appareils en validant activement l'identité d'un appareil et l'intégrité de son système d'exploitation. Actuellement, elle ne fonctionne qu'avec GrapheneOS ou le système d'exploitation d'origine sur les [appareils pris en charge](https://attestation.app/about#device-support).
|
||||
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
|
||||
|
||||
[:octicons-home-16: Page d'accueil](https://attestation.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Politique de confidentialité" }
|
||||
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Code source" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribuer }
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "Téléchargements"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Téléchargements</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: Magasin d'applications GrapheneOS](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor n'est pas un outil de scan/analyse comme d'autres outils sur cette page, mais il utilise le magasin de clés s'appuyant sur le materiel de votre appareil pour vous permettre de vérifier l'identité de votre appareil et de vous assurer que le système d'exploitation lui-même n'a pas été altéré ou dégradé par le biais d'un démarrage vérifié. Cela fournit un contrôle d'intégrité très solide de l'appareil lui-même, mais qui ne permet pas nécessairement de vérifier si les applications utilisateur exécutées sur l'appareil sont malveillantes.
|
||||
|
||||
@ -169,50 +183,58 @@ Si votre [modèle de menace](basics/threat-modeling.md) nécessite une certaine
|
||||
|
||||
Il s'agit d'applications que vous pouvez installer sur votre appareil et qui l'analysent pour détecter des signes de compromission.
|
||||
|
||||
!!! warning "Avertissement"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Avertissement</p>
|
||||
|
||||
```
|
||||
L'utilisation de ces applications ne suffit pas à déterminer qu'un appareil est "propre" et qu'il n'est pas la cible d'un logiciel espion particulier.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right } { align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Hypatia** est un scanner de logiciels malveillants en temps réel pour Android, développé par le développeur de [DivestOS](android.md#divestos). Il accède à Internet pour télécharger les mises à jour de la base de signatures, mais n'envoie pas vos fichiers ni aucune métadonnée sur le cloud (les analyses sont entièrement effectuées localement).
|
||||
**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
|
||||
|
||||
[:octicons-home-16: Page d'accueil](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Politique de confidentialité" }
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Code source" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribuer }
|
||||
[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "Téléchargements"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Téléchargements</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia est particulièrement efficace pour détecter les logiciels de harcèlement : si vous pensez être victime d'un logiciel de harcèlement, vous devriez [visiter cette page](https://stopstalkerware.org/information-for-survivors/) pour obtenir des conseils.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**iVerify** est une application iOS qui analyse automatiquement votre appareil pour vérifier les paramètres de configuration, le niveau des correctifs et d'autres aspects de la sécurité. Elle vérifie également que votre appareil ne présente pas d'indicateurs de compromission par des outils de jailbreak ou des logiciels espions tels que Pegasus.
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
|
||||
[:octicons-home-16: Page d'accueik](https://www.iverify.io/consumer){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Politique de confidentialité" }
|
||||
[:octicons-home-16: Homepage](https://www.iverify.io/consumer){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads *Téléchargements*
|
||||
<details class="downloads" markdown>
|
||||
<summary>Téléchargements</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Comme toutes les applications iOS, iVerify est limité à ce qu'il peut observer sur votre appareil depuis l'iOS App Sandbox. Elle ne fournira pas une analyse aussi solide qu'un outil d'analyse de système complet tel que [MVT](#mobile-verification-toolkit). Sa fonction première est de détecter si votre appareil est jailbreaké, ce qu'elle fait efficacement, mais une menace hypothétique conçue _spécifiquement_ pour contourner les contrôles d'iVerify y parviendrait probablement.
|
||||
|
||||
|
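Review bot: The Hypatia and iVerify card labels fall back to English here instead of having their French corrected: "Page d'accueik" (a typo for "Page d'accueil") sits beside "Homepage", and title="Politique de confidentialité" and title=Contribuer sit beside title="Privacy Policy" and title=Contribute, while `<summary>Téléchargements</summary>` keeps the French. Fix the French label and keep the translated titles so each card is in one language. The French Hypatia description also lacks the "open source" wording that the English line has, so that string needs a translation update rather than a replacement by the source text.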
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
ניתן להשתמש בכלים אלה כדי לאמת את תקינות המכשירים הניידים שלך ולבדוק אותם עבור אינדיקטורים של פשרה על ידי תוכנות ריגול ותוכנות זדוניות כגון Pegasus, Predator או KingsPawn. דף זה מתמקד ב-**אבטחת סלולר**, מכיוון שלמכשירים ניידים יש בדרך כלל מערכות לקריאה בלבד עם תצורות ידועות, כך שזיהוי שינויים זדוניים קל יותר מאשר במערכות שולחניות מסורתיות. אנו עשויים להרחיב את המיקוד של דף זה בעתיד.
|
||||
|
||||
!!! note "זה נושא מתקדם"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
כלים אלה עשויים לספק שימוש עבור אנשים מסוימים. הם מספקים פונקציונליות שרוב האנשים לא צריכים לדאוג לגביה, ולעתים קרובות דורשים ידע טכני מעמיק יותר כדי להשתמש ביעילות.
|
||||
```
|
||||
כלים אלה עשויים לספק שימוש עבור אנשים מסוימים. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
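Review bot: The admonition body in this Hebrew hunk ends up half translated: the line beginning "כלים אלה עשויים לספק שימוש עבור אנשים מסוימים." continues in English ("They provide functionality which most people do not need to worry about..."), although a fully Hebrew version of the same paragraph is visible a few lines above it. The title has the same problem, with `!!! note "זה נושא מתקדם"` next to `<p class="admonition-title">This is an advanced topic</p>`. Carry the existing Hebrew sentence and title into the new `<div class="admonition note" markdown>` markup so the conversion changes only the syntax, not the visible text.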
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger "סַכָּנָה"
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning "אזהרה"
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning "אזהרה"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
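Review bot: The warning title loses its Hebrew in this hunk: `!!! warning "אזהרה"` is paired with `<p class="admonition-title">Warning</p>`, whereas the French file in this same commit keeps its translated title (`<p class="admonition-title">Avertissement</p>`). Put "אזהרה" inside the `<p>` so the move to the `<div class="admonition warning" markdown>` form does not change what readers see; the same applies to the other titled admonitions in this file, such as the one whose old title is "סַכָּנָה".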
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning "אזהרה"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
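Review bot: the two fence lines (three backticks) around "These tools may provide utility for certain individuals…" must not survive inside `<div class="admonition note" markdown>`, or the body of the note renders as a code block instead of prose. Check that both fence lines are on the removed side of this hunk and that the paragraph ends up unindented, with a blank line before `</div>`.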
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! peringatan
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
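Review bot: `!!! peringatan` in this hunk uses a translated word as the admonition type, while the other admonitions in this file's hunks keep an English type (`note`, `danger`, `recommendation`). With `<div class="admonition warning" markdown>` the type lives in the class, so the only string left to localize is the text of `<p class="admonition-title">Warning</p>`, which is still English here. Confirm the class stays `warning` and decide whether the title text should be translated for this locale.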
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! peringatan
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! peringatan
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
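Review bot: The replacement title `<p class="admonition-title">Warning</p>` is hard-coded English, while the line it replaces, `!!! peringatan`, carried a localized label. The old form was wrong because it translated the admonition type itself, but the fix should keep `class="admonition warning"` and localize only the text inside the `<p>`. The warning body in this hunk is also still the English source sentence, so the whole admonition renders untranslated in this locale.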
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,23 +7,24 @@ cover: device-integrity.webp
|
||||
|
||||
Questi strumenti possono essere utilizzati per convalidare l'integrità dei tuoi dispositivi mobile e verificare la presenza di indicatori di compromissione da parte di spyware e malware come Pegasus, Predator o KingsPawn. Questa pagina affronta la **sicurezza mobile**, poiché i dispositivi mobili hanno tipicamente sistemi di sola lettura, con configurazioni ben note, quindi, rilevare modifiche dannose è più facile che con i sistemi desktop tradizionali. In futuro, potremmo espandere l'ambito di questa pagina.
|
||||
|
||||
!!! note "Questo è un argomento avanzato"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">Questo è un argomento avanzato</p>
|
||||
|
||||
```
|
||||
Questi strumenti potrebbero fornire utilità per certi individui. Forniscono funzionalità di cui gran parte delle persone non necessitano di preoccuparsi e, spesso, richiedono una conoscenza tecnica più approfondita, per l'utilizzo efficiente.
|
||||
```
|
||||
Questi strumenti potrebbero fornire utilità per certi individui. Forniscono funzionalità di cui la maggior parte delle persone non deve preoccuparsi e spesso richiedono conoscenze tecniche più approfondite per essere utilizzate in modo efficace.
|
||||
|
||||
È **essenziale** comprendere che la scansione del tuo dispositivo, in cerca di indicatori pubblici di compromissione, **non è sufficiente** per determinare che un dispositivo sia "pulito", e non sia stato preso di mira da uno strumento spyware in particolare. L'affidamento a tali strumenti di scansione pubblicamente disponibili, può far perdere di vista gli sviluppi recenti in materia di sicurezza, dandoti un falso senso di sicurezza.
|
||||
</div>
|
||||
|
||||
È **essenziale** comprendere che la scansione del tuo dispositivo, in cerca di indicatori pubblici di compromissione, **non è sufficiente** per determinare che un dispositivo sia "pulito", e non sia stato preso di mira da uno strumento spyware in particolare. Affidarsi a questi strumenti di scansione pubblicamente disponibili può far perdere di vista i recenti sviluppi della sicurezza e dare un falso senso di sicurezza.
|
||||
|
||||
## Consigli Generali
|
||||
|
||||
Gran parte degli exploit di sistema sui dispositivi mobili moderni, specialmente le compromissioni senza click, non sono persistenti, a significare che non resteranno, né saranno eseguiti automaticamente, dopo un riavvio. Per questo, ti consigliamo vivamente di riavviare regolarmente il tuo dispositivo. Consigliamo a tutti di riavviare il proprio dispositivo almeno una volta a settimana, ma se i malware non persistenti ti preoccupano particolarmente, noi e molti esperti in sicurezza, consigliamo di pianificare dei riavvii quotidiani.
|
||||
La maggior parte degli exploit a livello di sistema sui moderni dispositivi mobili, in particolare le compromissioni zero-click, non sono persistenti, ovvero non rimangono o vengono eseguiti automaticamente dopo un riavvio. Per questo motivo, si consiglia di riavviare regolarmente il dispositivo. Consigliamo a tutti di riavviare i dispositivi almeno una volta alla settimana, ma se i malware non persistenti ti preoccupano particolarmente, noi e molti esperti di sicurezza consigliamo un programma di riavvio quotidiano.
|
||||
|
||||
Ciò significa che un malintenzionato dovrebbe reinfettare regolarmente il tuo dispositivo per mantenere l'accesso, sebbene noteremo che non sia possibile. Inoltre, riavviare il tuo dispositivo non ti proteggerà dai malware **permanenti**, ma questi sono meno comuni sui dispositivi mobili, a causa di funzionalità di sicurezza moderne come l'avvio sicuro/verificato.
|
||||
Ciò significa che un aggressore dovrebbe reinfettare regolarmente il dispositivo per mantenere l'accesso, anche se non è impossibile. Inoltre, il riavvio del dispositivo non ti protegge da malware _persistente_, ma questo è meno comune sui dispositivi mobili grazie alle moderne funzioni di sicurezza come il secure/verified boot.
|
||||
|
||||
## Informazioni ed esonero di responsabilità post-compromissione
|
||||
|
||||
Se uno dei seguenti strumenti indica una potenziale compromissione da spyware, come Pegasus, Predator, o KingsPawn, ti consigliamo di contattare:
|
||||
Se uno dei seguenti strumenti indica una potenziale compromissione da parte di spyware come Pegasus, Predator o KingsPawn, consigliamo di contattare:
|
||||
|
||||
- Se ti occupi della difesa dei diritti umani, di giornalismo o fai parte di un'organizzazione della società civile: [Laboratorio sulla sicurezza di Amnesty International](https://securitylab.amnesty.org/contact-us/)
|
||||
- Se un dispositivo aziendale o governativo è compromesso: contatta il responsabile della sicurezza della tua azienda, dipartimento o agenzia
|
||||
@ -35,52 +36,57 @@ Gli strumenti su questa pagina possono esclusivamente rilevare gli indicatori di
|
||||
|
||||
- Considerare la completa sostituzione del dispositivo
|
||||
- Considerare di cambiare il tuo numero SIM/eSIM
|
||||
- Non ripristinare da un backup, poiché, questo, potrebbe essere compromesso
|
||||
- Not restore from a backup, because that backup may be compromised
|
||||
|
||||
Questi strumenti forniscono analisi basate sulle informazioni cui possono accedere dal tuo dispositivo, nonché sugli indicatori di compromissione pubblicamente accessibili. È importante tenere a mente due cose:
|
||||
These tools provide analysis based on the information they have the ability to access from your device, and publicly-accessible indicators of compromise. It is important to keep in mind two things:
|
||||
|
||||
1. Gli indicatori di compromesso sono semplicemente **indicatori**. Non sono un risultato definitivo e potrebbero occasionalmente rappresentare dei **falsi positivi**. Se viene rilevato un indicatore di compromissione, significa che dovresti svolgere ulteriori ricerche sulla minaccia **potenziale**.
|
||||
2. Gli indicatori di compromissione cercati da questi strumenti, sono pubblicati dalle organizzazioni di ricerca sulle minacce, ma non tutti sono resi disponibili al pubblico! Ciò significa che questi strumenti possono generare un **falso negativo**, se il tuo dispositivo è infettato da spyware non rilevati da alcun indicatore pubblico. Un supporto e triage forense digitale affidabile e completo, richiedono l'accesso a indicatori, ricerca e informazioni sulle minacce non pubblici.
|
||||
1. Indicators of compromise are just that: _indicators_. They are not a definitive finding, and may occasionally be **false positives**. If an indicator of compromise is detected, it means you should do additional research into the _potential_ threat.
|
||||
2. The indicators of compromise these tools look for are published by threat research organizations, but not all indicators are made available to the public! This means that these tools can present a **false negative**, if your device is infected with spyware which is not detected by any of the public indicators. Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
## Strumenti di verifica esterni
|
||||
## External Verification Tools
|
||||
|
||||
Gli strumenti di verifica esterni operano sul tuo computer, scansionando il tuo dispositivo mobile, in cerca di tracce forensi che siano utili a identificare le potenziali compromissioni.
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger "Attenzione"
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Gli indicatori pubblici di compromissione non sono sufficienti per determinare che un dispositivo sia "pulito" e non preso di mira da uno strumento spyware in particolare. L'affidamento ai soli indicatori pubblici, può non tenere conto delle tracce forensi recenti e dare un falso senso di sicurezza.
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Un supporto e triage forense digitale affidabile e completo richiede l'accesso a indicatori, ricerca e informazioni sulle minacce non pubblici.
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Tale supporto è disponibile alla società civile tramite il [Laboratorio sulla sicurezza di Amnesty International](https://www.amnesty.org/en/tech) o il [Telesoccorso sulla sicurezza digitale di Access Now](https://www.accessnow.org/help-it/).
|
||||
```
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
|
||||
</div>
|
||||
|
||||
Questi strumenti possono causare dei falsi positivi. Se uno di questi strumenti rileva degli indicatori di compromissione, devi approfondire per determinare i rischi effettivi. Alcuni rapporti potrebbero essere falsi positivi basati sui siti web che hai visitato in passato, e i risultati risalenti a molti anni fa, potrebbero essere falsi positivi, o indicare compromissioni precedenti (e non più attive).
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation "consiglio"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) è una raccolta di utilità che semplificano e automatizzano il processo di scansione dei dispositivi mobili, alla ricerca di potenziali tracce di violazione o infezione, da campagne note di spyware. MVT è stata sviluppata da Amnesty International e rilasciata nel 2021, nel contesto del [Progetto Pegasus](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Codice Sorgente" }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning "Attenzione"
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Utilizzare MVT non è sufficiente per determinare che un dispositivo sia "pulito" e non preso di mira da uno strumento spyware in particolare.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT è _più_ utile per scansionare i dispositivi iOS. Android memorizza pochissime informazioni diagnostiche utili per il triage delle potenziali compromissioni e, per questo, anche le capacità di `mvt-android` sono limitate. D'altra parte, in molti casi, i backup crittografati di iTunes per iOS forniscono un sottoinsieme di file memorizzati sul dispositivo abbastanza ampio, per rilevare gli artefatti sospetti. Detto ciò, MTV fornisce comunque strumenti abbastanza utili per l'analisi sia su iOS che su Android.
|
||||
|
||||
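Review bot: In the post-compromise list and the sections after it, existing Italian strings are replaced with English source text, so one list now mixes languages: `- Considerare di cambiare il tuo numero SIM/eSIM` is followed by `- Not restore from a backup, because that backup may be compromised`. The same happens to `## Strumenti di verifica esterni`, the two numbered points on false positives and false negatives, and the Danger admonition. This is the guidance a reader acts on after a suspected compromise, so consider keeping the previous Italian for strings whose meaning did not change until the new translations are ready. The Access Now link also moves from `https://www.accessnow.org/help-it/` to `https://www.accessnow.org/help/`; confirm the Italian helpline page is meant to be dropped. Separately, the context line about `mvt-android` reads "MTV fornisce comunque"; it should be "MVT".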
@ -98,23 +104,25 @@ MVT ti consente di eseguire scansioni/analisi più approfondite, se il tuo dispo
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation "consiglio"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**iMazing** fornisce uno strumento gratuito di analisi degli spyware per i dispositivi iOS, che agisce da GUI-wrapper per [MVT](#mobile-verification-toolkit).
|
||||
Può essere molto più facile da eseguire rispetto allo stesso MVT, uno strumento a riga di comando progettato per esperti di tecnologia e investigatori forensi.
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
|
||||
[:octicons-home-16: Homepage](https://imazing.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Politica sulla Privacy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentazione}
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads "Scarica"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automatizza e ti guida interattivamente al procedimento di utilizzo di [MVT](#mobile-verification-toolkit) per scansionare il tuo dispositivo, in cerca di indicatori pubblicamente accessibili di compromissione, pubblicati da vari ricercatori delle minacce. Tutte le informazioni e gli avvisi che si applicano a MVT, si applicano anche a questo strumento, quindi, ti suggeriamo di familiarizzare con le note su MVT, nelle sezioni precedenti.
|
||||
|
||||
@ -122,34 +130,38 @@ iMazing automatizza e ti guida interattivamente al procedimento di utilizzo di [
|
||||
|
||||
Si tratta di app installabili che controllano il tuo dispositivo e il sistema operativo, in cerca di segni di manomissione, convalidandone l'identità.
|
||||
|
||||
!!! warning "Attenzione"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
L'utilizzo di queste app non è sufficiente per determinarre che un dispositivo sia "pulito" e non preso di mira da uno strumento spyware in particolare.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation "consiglio"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Auditor** è un'app che sfrutta le funzionalità di sicurezza hardware per fornire il monitoraggio dell'integrità del dispositivo, convalidando attivamente l'integrità di un dispositivo e l'iintegrità del suo sistema operativo. Al momento, funziona soltanto con GrapheneOS o il sistema operativo di fabbrica per i [dispositivi supportati](https://attestation.app/about#device-support).
|
||||
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
|
||||
|
||||
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Politica sulla Privacy" }
|
||||
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentazione}
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Codice Sorgente" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribuisci }
|
||||
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://attestation.app/about){ .card-link title=Documentation}
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "Scarica"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play&gl=It)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor non è uno strumento di scansione/analisi come altri elencati su questa pagina, piuttosto, utilizza il keystore supportato dal hardware del tuo dispositivo, per consentirti di verificarne l'identità e avere la certezza che il sistema operativo stesso non sia stato manomesso o declassato, tramite l'avvio verificato. Ciò fornisce un controllo d'integrità molto robusto del tuo stesso dispositivo, ma non verifica necessariamente che le app a livello utente, eseguite sul tuo dispositivo, siano dannose.
|
||||
|
||||
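Review bot: The warning sentence kept inside the new `<div class="admonition warning" markdown>` reads "determinarre"; it should be "determinare", as the same sentence is spelled in the next hunk of this file. Also check the Google Play entry: the old link carried `&gl=It` and the new one drops it, which is fine if the storefront parameter was never intended, but nothing in the change says so.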
@ -171,51 +183,58 @@ Se il tuo [modello di minaccia](basics/threat-modeling.md) richiede la privacy,
|
||||
|
||||
Si tratta di app che puoi installare sul tuo dispositivo, che lo scansionano in cerca di segni di compromissione.
|
||||
|
||||
!!! warning "Attenzione"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
L'utilizzo di queste app non è sufficiente per determinare che un dispositivo sia "pulito" e non preso di mira da uno strumento spyware in particolare.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation "consiglio"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Hypatia** è uno scanner di malware in tempo reale open source per Android, realizzato dallo sviluppatore di [DivestOS](android.md#divestos). Accede a Internet per scaricare gli aggiornamenti del database delle firme, ma non carica i tuoi file o i tuoi metadati sul cloud (le scansioni vengono eseguite interamente in locale).
|
||||
**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
|
||||
|
||||
[:octicons-home-16: Pagina Principale](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Politica sulla Privacy" }
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Codice Sorgente" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribuisci }
|
||||
[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "Scarica"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia è particolarmente abile nel rilevare gli stalkerware più comuni: se sospetti di esserne vittima, dovresti [visitare questa pagina](https://stopstalkerware.org/information-for-survivors/) per ricevere consigli a riguardo.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation "consiglio"
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**iVerify** è un'app per iOS che scansiona automaticamente il tuo dispositivo per verificarne le impostazioni di configurazione, il livello di correzione e altre aree di sicurezza. Inoltre, verifica la presenza di indicatori di compromissione del tuo dispositivo, da parte di strumenti per jailbreak o spyware, come Pegasus.
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
|
||||
[:octicons-home-16: Pagina Principale](https://www.iverify.io/consumer){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Politica sulla Privacy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentazione}
|
||||
[:octicons-home-16: Homepage](https://www.iverify.io/consumer){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads "Scarica"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/it/app/iverify-secure-your-phone/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Come tutte le app per iOS, iVerify è limitata in ciò che può osservare sul tuo dispositivo, dalla Sandbox delle app di iOS. Non fornirà un'analisi robusta come quella di uno strumento di analisi dell'intero sistema come [MVT](#mobile-verification-toolkit). La sua funzione principale è rilevare se il tuo dispositivo ha subito il jailbreak, cosa in cui è efficiente, tuttavia, una minaccia ipotetica progettata _specificamente_ per superare i controlli di iVerify, potebbe riuscire nel proprio intento.
|
||||
|
||||
|
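Review bot: The App Store entry switches from the Italian storefront URL `https://apps.apple.com/it/app/iverify-secure-your-phone/id1466120520` to `https://apps.apple.com/us/app/iverify/id1466120520`. The app id is unchanged, so the link still points at the same app, but Italian readers are now sent to the US storefront; keep the `it` path if the locale-specific link was deliberate. The card-link titles and the `Pagina Principale` button label also revert to English in this hunk. In the closing context paragraph, "potebbe riuscire" should be "potrebbe riuscire".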
@ -7,15 +7,16 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
## 一般的なアドバイス
|
||||
## General Advice
|
||||
|
||||
The majority of system-level exploits on modern mobile devices—especially zero-click compromises—are non-persistent, meaning they will not remain or run automatically after a reboot. For this reason, we highly recommend rebooting your device regularly. We recommend everybody reboot their devices once a week at minimum, but if non-persistent malware is of particular concern for you, we and many security experts recommend a daily reboot schedule.
|
||||
|
||||
@ -27,7 +28,7 @@ If any of the following tools indicate a potential compromise by spyware such as
|
||||
|
||||
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us/)
|
||||
- If a business or government device is compromised: Contact the appropriate security liason at your enterprise, department, or agency
|
||||
- 地元警察
|
||||
- Local law enforcement
|
||||
|
||||
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
|
||||
|
||||
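Review bot: The context line above the change spells "liason" in "Contact the appropriate security liason"; this file carries the English source text, so the typo ("liaison") needs fixing in the source string, otherwise each sync will carry it into the locale files. In the changed line itself, the translated item `- 地元警察` is replaced by `- Local law enforcement`, which leaves no Japanese in this list.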
@ -42,27 +43,27 @@ These tools provide analysis based on the information they have the ability to a
|
||||
1. Indicators of compromise are just that: _indicators_. They are not a definitive finding, and may occasionally be **false positives**. If an indicator of compromise is detected, it means you should do additional research into the _potential_ threat.
|
||||
2. The indicators of compromise these tools look for are published by threat research organizations, but not all indicators are made available to the public! This means that these tools can present a **false negative**, if your device is infected with spyware which is not detected by any of the public indicators. Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
## 外部検証ツール
|
||||
## External Verification Tools
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! 警告
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### モバイル検証ツールキット
|
||||
|
||||
!!! 推奨事項
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
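Review bot: the section heading in this hunk is listed first as `## 外部検証ツール` and then as `## External Verification Tools`, which reads as the Japanese heading being replaced by the English source string, while `### モバイル検証ツールキット` further down stays translated. If that is what the sync did, the heading translation should be restored in Crowdin before this lands. The same hunk swaps `!!! 警告` for `<p class="admonition-title">Danger</p>`, so the callout title ends up in English as well.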
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! 警告
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
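Review bot: inside `<details class="downloads" markdown>` the macOS and Linux links are listed twice with a ``` line between the two copies, and the body of the new `<div class="admonition warning" markdown>` is still bracketed by ``` lines. This view does not show which of those lines are removed, so please confirm that no fence survives inside the new HTML blocks. A remaining fence would render the download links and the "Using MVT is insufficient" warning as literal code text instead of Markdown.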
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! 推奨事項
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
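Review bot: in the iMazing card links, `title=Documentation}` is unquoted and has no space before the closing brace, while the line above it uses `title="Privacy Policy" }`. The line looks untouched by this sync, but since the attribute lists are copied into every translated file it is worth normalising to `title="Documentation" }` in the source string so all locales pick up the consistent form.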
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! 警告
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! 推奨事項
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! 警告
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! 推奨事項
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! 推奨事項
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger "위험"
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
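Review bot: `!!! danger "위험"` carried a Korean title, but the replacement `<p class="admonition-title">Danger</p>` is English, so the callout title loses its translation in this file. Suggest `<p class="admonition-title">위험</p>` here, and the same treatment for the `!!! warning "경고"` callouts in the later hunks, which become `<p class="admonition-title">Warning</p>`.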
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning "경고"
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning "경고"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning "경고"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger "Gevaar"
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
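Review bot: the admonition title changes language in this hunk: `!!! danger "Gevaar"` carries a translated title, while `<p class="admonition-title">Danger</p>` is English. If the `<p>` line is the added side, the localized title is dropped from this translation. Carry it over as `<p class="admonition-title">Gevaar</p>`, or confirm that the title string is exported for translation again.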
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
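Review bot: the warning text `Using MVT is insufficient to determine that a device is "clean"` sits between two three-backtick fence lines inside `<div class="admonition warning" markdown>`, and the download list appears on both sides of a third fence line. This rendering does not show the +/- markers, so confirm that all three fence lines are removals and that only one copy of the list survives. A fence left inside a `markdown` div would render the warning as a code block rather than as warning text. The `!!! warning` line between the list and `</details>` should likewise be a removal.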
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! rekomendacja
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
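Review bot: `!!! rekomendacja` in this hunk is an admonition type keyword that has been translated, whereas the neighbouring `<div class="admonition recommendation" markdown>` keeps the class name in English. Check that the `!!!` line is the removed side here and in the later hunks of this file that repeat it. It is also worth making sure the `class` attribute values are excluded from translation, so that the keyword cannot be localized again.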
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! rekomendacja
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! rekomendacja
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! rekomendacja
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! rekomendacja
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
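Review bot: the `Using these apps is insufficient` warning text sits between two three-backtick lines inside `<div class="admonition warning" markdown>`. If those fences are kept in the new version, the warning renders as a code block instead of prose, so they should go together with the old `!!! warning` line. The same applies to the fence that opens right after `<div class="admonition recommendation" markdown>` in the Auditor card.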
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
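Review bot: `title=Contribute }` on the donate link is unquoted, while the neighbouring `title="Source Code" }` is quoted. It works only as long as the value is a single word; a translated title containing a space would not survive as one value, so quote it: `{ .card-link title="Contribute" }`.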
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,24 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! Isto permite-nos fornecer recomendações completamente objectivas.</strong> Desenvolvemos um conjunto claro de requisitos para qualquer provedor de VPN que deseje ser recomendado, incluindo criptografia forte, auditorias de segurança independentes, tecnologia moderna, e muito mais.
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! nota
|
||||
Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para verificar se o seu dispositivo é suportado.
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
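Review bot: `!!! Isto permite-nos fornecer recomendações completamente objectivas.</strong> Desenvolvemos ...` is VPN-provider text with an unbalanced `</strong>`, and the `!!! nota` / `Consulte o ... Tabela de Hardware` pair under `### Mobile Verification Toolkit` is OpenWrt text; neither belongs on the device integrity page. Confirm both are on the removed side of this hunk, and check the remaining `!!!` lines in this file for the same kind of mismatched strings, since the hunk headers further down still carry `Consulte o ... Tabela de Hardware` as context.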
@ -71,17 +71,22 @@ Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para v
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! Recomendamos que você verifique o <a href="https://developers.yubico.com/SSH/">documentação</a> de Yubico sobre como configurar isso.
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -99,10 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! nota
|
||||
Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para verificar se o seu dispositivo é suportado.
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -111,11 +114,15 @@ Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para v
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -123,18 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! Recomendamos que você verifique o <a href="https://developers.yubico.com/SSH/">documentação</a> de Yubico sobre como configurar isso.
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! nota
|
||||
Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para verificar se o seu dispositivo é suportado.
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -146,12 +152,16 @@ Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para v
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -173,18 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! Recomendamos que você verifique o <a href="https://developers.yubico.com/SSH/">documentação</a> de Yubico sobre como configurar isso.
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! nota
|
||||
Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para verificar se o seu dispositivo é suportado.
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -195,19 +204,21 @@ Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para v
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! nota
|
||||
Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para verificar se o seu dispositivo é suportado.
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -216,10 +227,14 @@ Consulte o <a href="https://openwrt.org/toh/start">Tabela de Hardware</a> para v
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning "Осторожно"
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning "Осторожно"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
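Review bot: `!!! warning "Осторожно"` carried a translated title, while the block next to it hard-codes `<p class="admonition-title">Warning</p>` in English. If the `<div>` form is the new side of this hunk, the Russian title is lost in the conversion; keep it as `<p class="admonition-title">Осторожно</p>`.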
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning "Осторожно"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! fara
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
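Review bot: `!!! fara` at the top of this hunk shows that the sync translated the admonition type keyword itself, and the replacement `<div class="admonition danger" markdown>` still carries the type as text inside a translated file. Suggest excluding the tag and class values from translation (only the text inside `<p class="admonition-title">` needs translating) and adding a build check that rejects any admonition class outside the set this page uses (`note`, `danger`, `warning`, `recommendation`), so a translated keyword cannot silently drop a safety warning from the rendered page.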
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! varning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
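Review bot: `<div class="admonition recommendation" markdown>` under `### iMazing (iOS)` is opened in this hunk with no `</div>` visible, so the pairing cannot be confirmed from these lines; the closer only shows up in the following hunk, after `</details>`. For a machine-generated sync, a tag-balance check over each whole translated file (`<div>` against `</div>`, `<details>` against `</details>`) would catch a dropped closer, which would otherwise pull the rest of the page into the recommendation card.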
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
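Review bot: style point on the card links at the top of this hunk: `{ .card-link title=Documentation}` is unquoted and has no space before `}`, while the line above it uses `{ .card-link title="Privacy Policy" }`. Quote the value and match the spacing; an unquoted attribute value cannot hold a translated title that contains a space.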
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! varning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
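Review bot: the three download links inside `<details class="downloads" markdown>` (Google Play, GitHub, GrapheneOS App Store) are emitted again by this sync, and nothing in the hunk shows they were compared with the source-language page. Readers install a security tool from these links, so suggest a check that every URL in a translated file also occurs in the English original, so that a translation change cannot repoint a download.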
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! varning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! öneri
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! öneri
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! öneri
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! öneri
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! öneri
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! рекомендації
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! рекомендації
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! рекомендації
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! рекомендації
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! рекомендації
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
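Review bot: style point on the card links in this hunk: `{ .card-link title=Documentation}` has an unquoted value and no space before the closing brace, while the line above it uses `title="Privacy Policy"`. Suggest `{ .card-link title="Documentation" }` so the attribute lists are written one way throughout.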
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! danger
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! khuyến nghị
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! khuyến nghị
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! khuyến nghị
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! warning
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! khuyến nghị
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! khuyến nghị
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|
@ -7,76 +7,86 @@ cover: device-integrity.webp
|
||||
|
||||
這些工具可用於驗證行動裝置的完整性,檢查它們是否有間諜軟體和惡意軟體(例如 Pegasus、Predator 或 KingsPawn)的危害跡象。 本頁重點關注**行動安全性**,因為行動裝置通常具有為人所知配置的唯讀系統,檢測惡意修改比傳統桌面系統更容易。 將來可能會再擴展此頁面的重點。
|
||||
|
||||
!!! 注意“這是進階主題”
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
這些工具可能為某些人提供實用性,但大多數人無需擔心也用不上的功能,通常需要更深入的技術知識才能有效使用。
|
||||
```
|
||||
這些工具可能對某些人很實用。 They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
|
||||
**至關重要**是了解,掃描設備是否存在公共危害跡象**不足以**確定設備是“乾淨的”、是否為特定間諜軟體工具的目標。 依賴這些公開可用的掃描工具可能會錯過最新的安全發展,帶來錯誤的安全感。
|
||||
</div>
|
||||
|
||||
## 一般建議
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
現代行動裝置上的大多數系統級漏洞(尤其是零點擊攻擊)都是非持久性的,這意味著它們在重新啟動後不會保留或自動運行。 因此,強烈建議定期重新啟動裝置。 我們建議每個設備至少每週重新啟動一次,但如果特別關注非持久性惡意軟體,我們和許多安全專家建議每日重新啟動計劃。
|
||||
## General Advice
|
||||
|
||||
這意味著攻擊者必須定期重新感染裝置才能保留存取權限,儘管我們指出這並非不可能。 重新啟動裝置也無法確保免受「持久性」惡意軟體的侵害,但由於安全/驗證啟動等現代安全功能,這種情況在行動裝置上不太常見。
|
||||
The majority of system-level exploits on modern mobile devices—especially zero-click compromises—are non-persistent, meaning they will not remain or run automatically after a reboot. For this reason, we highly recommend rebooting your device regularly. We recommend everybody reboot their devices once a week at minimum, but if non-persistent malware is of particular concern for you, we and many security experts recommend a daily reboot schedule.
|
||||
|
||||
## 駭漏後資訊和免責聲明
|
||||
This means an attacker would have to regularly re-infect your device to retain access, although we'll note this is not impossible. Rebooting your device also will not protect you against _persistent_ malware, but this is less common on mobile devices due to modern security features like secure/verified boot.
|
||||
|
||||
如果以下任何工具表明可能有 Pegasus、Predator 或 KingsPawn 等間諜軟體危害,建議聯絡:
|
||||
## Post-Compromise Information & Disclaimer
|
||||
|
||||
- 如果您是人權捍衛者、記者或來自民間團體:[國際特赦組織安全實驗室](https://securitylab.amnesty.org/contact-us/)
|
||||
- 如果企業或政府設備受到威脅:請聯絡企業、部門或機構的相應安全聯絡員
|
||||
- 本地執法單位
|
||||
If any of the following tools indicate a potential compromise by spyware such as Pegasus, Predator, or KingsPawn, we advise that you contact:
|
||||
|
||||
**除此之外,我們無法直接為您提供幫助。** 我們很樂意在我們的[社區](https://discuss.privacyguides.net)空間中討論您的具體情況或情況並檢查結果,但不太可能提供本頁所述之外的協助。
|
||||
- If you are a human rights defender, journalist, or from a civil society organization: [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us/)
|
||||
- If a business or government device is compromised: Contact the appropriate security liason at your enterprise, department, or agency
|
||||
- Local law enforcement
|
||||
|
||||
此頁面上的工具只能偵測破壞跡象,而不能刪除它們。 如果擔心受到威脅,我們建議:
|
||||
**We are unable to help you directly beyond this.** We are happy to discuss your specific situation or circumstances and review your results in our [community](https://discuss.privacyguides.net) spaces, but it is unlikely we can assist you beyond what is written on this page.
|
||||
|
||||
- 考慮完全更換設備
|
||||
- 考慮更改 SIM/eSIM 號碼
|
||||
- 不要從備份重置,因為該備份可能已受到損害
|
||||
The tools on this page are only capable of detecting indicators of compromise, not removing them. If you are concerned about having been compromised, we advise that you:
|
||||
|
||||
這些工具根據他們能夠從裝置存取的資訊以及可公開存取的破壞指標提供分析。 重要的是記住兩件事:
|
||||
- Consider replacing the device completely
|
||||
- Consider changing your SIM/eSIM number
|
||||
- Not restore from a backup, because that backup may be compromised
|
||||
|
||||
1. 破壞指標就僅是:_指標_。 它們不是明確的發現,有時可能是**誤報**。 如果偵測到有侵駭跡象,則表示應對「潛在」威脅進行更多研究。
|
||||
2. 這些工具尋找的侵駭指標由威脅研究組織發布,但並非所有指標都對外開放! 這意味著,如果裝置感染了任何公共指標都未偵測到的間諜軟體,則工具可能會**漏報**。 可靠且全面的數位鑑識支援和分類需要存取非公開指標、研究和威脅情報。
|
||||
These tools provide analysis based on the information they have the ability to access from your device, and publicly-accessible indicators of compromise. It is important to keep in mind two things:
|
||||
|
||||
## 外部驗證工具
|
||||
1. Indicators of compromise are just that: _indicators_. They are not a definitive finding, and may occasionally be **false positives**. If an indicator of compromise is detected, it means you should do additional research into the _potential_ threat.
|
||||
2. The indicators of compromise these tools look for are published by threat research organizations, but not all indicators are made available to the public! This means that these tools can present a **false negative**, if your device is infected with spyware which is not detected by any of the public indicators. Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
外部驗證工具在電腦上運行,掃描行動裝置以查找取證痕跡,這有助於識別潛在的危害。
|
||||
## External Verification Tools
|
||||
|
||||
!!! danger "危險"
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
```
|
||||
公開的侵駭指標不足以確定設備是“乾淨的”,且不是特定間諜軟體工具的目標。 僅依賴公開指標可能會錯過最近的鑑證痕跡並給人一種錯誤的安全感。
|
||||
```
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
|
||||
</div>
|
||||
|
||||
這些工具可能會引發誤報。 如果這些工具中的任何一個發現侵入破壞跡象,需要更深入地挖掘以確定實際風險。 一些報告可能是基於過去訪問過網站的誤報,而多年以前的發現可能是誤報或表明以前(且不再活躍)的問題。
|
||||
|
||||
### 行動設備驗證工具包
|
||||
|
||||
!!! 推薦
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**移動驗證工具包** (**MVT**) 是一組實用程式,可簡化和自動化掃描移動設備的過程,查找已知間諜軟體活動的潛在目標或感染痕跡。 MVT 由國際特赦組織開發, 2021 年在 [Pegasus 專案](https://forbiddenstories.org/about-the-pegasus-project/) 背景下發布。
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads "下載"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! warning "警告"
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
使用 MVT 應用程式不足以確定設備是“乾淨的”,不是特定間諜軟體工具的目標。
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT 對掃描 iOS 裝置「最」有用。 Android 儲存可用於分類潛在危害的診斷資訊非常少,因此「mvt-android」功能也受到限制。 另一方面,加密的 iOS iTunes 備份提供儲存在裝置上足夠大的檔案子集,可在許多情況下偵測可疑工件。 話雖這麼說,MVT 仍為 iOS 和 Android 分析相當有用的工具。
|
||||
|
||||
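Review bot: the advanced-topic note is only half translated: `這些工具可能對某些人很實用。 They provide functionality which most people do not need to worry about...` mixes Chinese and English in one paragraph, and the sections from `## General Advice` through `## External Verification Tools` appear in English beside their existing Chinese text (`## 一般建議`, `## 外部驗證工具`). If the English lines are the new side of this hunk, the sync replaces finished zh-Hant strings with source text, so those translations should be re-approved before merging. The English source also misspells "liaison" as `liason` in "security liason".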
@ -94,22 +104,25 @@ MVT 對掃描 iOS 裝置「最」有用。 Android 儲存可用於分類潛在
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! 推薦
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** 為 iOS 裝置提供免費的間諜軟體分析,充當 [MVT](#mobile-verification-toolkit) 的 GUI 包裝器。 與 MVT 本身相比,這更容易運行,MVT 是專為技術人員和鑑識調查人員設計的命令列工具。
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
|
||||
[:octicons-home-16: Homepage](https://imazing.com/){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads "下載"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing 會自動並以互動方式引導完成使用 [MVT](#mobile-verification-toolkit) 掃描裝置,尋找由各種威脅研究人員發布的可公開存取的入侵指標。 適用於 MVT 的所有資訊和警告也適用於此工具,因此建議熟悉上述部分中有關 MVT 的說明。
|
||||
|
||||
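Review bot: the translated title in `??? downloads "下載"` has no counterpart in the new markup: `<summary>Downloads</summary>` is English, and the iMazing description appears in English next to the existing `**iMazing** 為 iOS 裝置提供...` line. Suggest carrying the existing strings over, for example `<summary>下載</summary>`, so the zh-Hant page does not fall back to source text.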
@ -117,21 +130,21 @@ iMazing 會自動並以互動方式引導完成使用 [MVT](#mobile-verification
|
||||
|
||||
可安裝這些應用程式來檢查裝置和作業系統是否有篡改跡象,並驗證裝置的身份。
|
||||
|
||||
!!! warning "警告"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
使用這些應用程式不足以確定設備是“乾淨的”,並不是特定間諜軟體工具的目標。
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! 推薦
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Auditor** 利用硬體安全功能透過主動驗證裝置身分及其作業系統完整性來提供裝置完整性監控。 目前僅適用於 GrapheneOS 或[支援的設備](https://attestation.app/about#device-support) 的庫存作業系統。
|
||||
**Auditor** is an app which leverages hardware security features to provide device integrity monitoring by actively validating the identity of a device and the integrity of its operating system. Currently, it only works with GrapheneOS or the stock operating system for [supported devices](https://attestation.app/about#device-support).
|
||||
|
||||
[:octicons-home-16: Homepage](https://attestation.app){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://attestation.app/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
@ -139,16 +152,20 @@ iMazing 會自動並以互動方式引導完成使用 [MVT](#mobile-verification
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "下載"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor 不像本頁的其他某些掃描/分析工具,而是使用裝置的硬體支援金鑰庫來允許驗證裝置的身份並確保作業系統本身沒有被篡改或透過驗證啟動降級。 這為裝置本身提供了非常強大的完整性檢查,但不一定檢查裝置上執行的使用者級應用程式是否是惡意的。
|
||||
|
||||
審核員使用**兩個**設備執行證明和入侵檢測,即一個_被審核者_(正在驗證的設備)和一個_審核員_(執行驗證的設備)。 審核者可以是任何Android 10+ 裝置(或由[GrapheneOS](android.md#grapheneos) 運行的遠端Web 服務),而受審核者必須是專門的\[支援的裝置]\(https\://attestation.app /about #device-support)。 Auditor 適用於:
|
||||
審核員使用**兩個**設備執行證明和入侵檢測,即一個_被審核者_(正在驗證的設備)和一個_審核員_(執行驗證的設備)。 審核者可以是任何Android 10+ 裝置(或由[GrapheneOS](android.md#grapheneos) 運行的遠端Web 服務),而受審核者必須是專門的[支援的裝置](https\://attestation.app /about #device-support)。 Auditor 適用於:
|
||||
|
||||
- 在_審核員_和_被審核者_之間使用 [Trust On First Use (TOFU)](https://en.wikipedia.org/wiki/Trust_on_first_use) 模式,雙方在兩人在[硬體支援的金鑰庫](https://source.android.com/security/keystore/)the pair establish a private key in the [hardware-backed keystore](https://source.android.com/security/keystore/)中建立 _審計員_私鑰。
|
||||
- _審核員_可以是審核員應用程式的另一個實例,也可以是[遠端憑證服務](https://attestation.app)。
|
||||
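Review bot: the supported-devices link in the Auditor paragraph is still broken after the change: `[支援的裝置](https\://attestation.app /about #device-support)` keeps the escaped colon and the spaces inside the URL, so it will not resolve to `https://attestation.app/about#device-support` as written in the English Auditor description earlier in this file. The TOFU bullet also carries a leftover source fragment, `the pair establish a private key in the [hardware-backed keystore](...)`, in the middle of the Chinese sentence, which duplicates the keystore link; the English fragment should be removed.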
@ -166,51 +183,58 @@ Auditor 不像本頁的其他某些掃描/分析工具,而是使用裝置的
|
||||
|
||||
可在設備上安裝這些應用程序,這些應用程式會掃描裝置是否有遭駭洩漏跡象。
|
||||
|
||||
!!! warning "警告"
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
使用這些應用程式不足以確定設備是“乾淨的”,並不是特定間諜軟體工具的目標。
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! 推薦
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Hypatia** 是一款用於 Android 的開源即時惡意軟體掃描程式,由 [DivestOS](android.md#divestos) 開發。 它訪問網際網路下載簽名資料庫更新,但不會將您的檔案或任何元資料上傳到雲端(掃描完全在本地執行)。
|
||||
**Hypatia** is an open source real-time malware scanner for Android, from the developer of [DivestOS](android.md#divestos). It accesses the internet to download signature database updates, but does not upload your files or any metadata to the cloud (scans are performed entirely locally).
|
||||
|
||||
[:octicons-home-16: Homepage](https://divestos.org/pages/our_apps#hypatia){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://divestos.org/pages/privacy_policy#hypatia){ .card-link title="Privacy Policy" }
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads "下載"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia 特別擅長偵測常見的追蹤軟體:如果懷疑自己是追蹤軟體的受害者,請[造訪此頁面](https://stopstalkerware.org/information-for-survivors/) 尋求建議。
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! 推薦
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** 是一款 iOS 應用程式,會自動掃描裝置以檢查配置設定、修補程式等級和其他安全性領域。 它還會檢查裝置是否有被 jailbreak 工具或間諜軟體(例如 Pegasus)入侵的跡象。
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
|
||||
[:octicons-home-16: Homepage](https://www.iverify.io/consumer){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads "下載"
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
與所有 iOS 應用程式一樣,iVerify 僅限於從 iOS 應用程式沙箱內觀察裝置。 它無法提供像 [MVT](#mobile-verification-toolkit) 全系統分析工具的強大分析。 它的主要功能是檢測設備是否 jailbroken,但是「專門」設計用於繞過 iVerify 檢查的假設威脅很可能會成功做到這一點。
|
||||
|
||||
|
@ -7,11 +7,12 @@ cover: device-integrity.webp
|
||||
|
||||
These tools can be used to validate the integrity of your mobile devices and check them for indicators of compromise by spyware and malware such as Pegasus, Predator, or KingsPawn. This page focuses on **mobile security**, because mobile devices typically have read-only systems with well-known configurations, so detecting malicious modifications is easier than on traditional desktop systems. We may expand the focus of this page in the future.
|
||||
|
||||
!!! note "This is an advanced topic"
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">This is an advanced topic</p>
|
||||
|
||||
```
|
||||
These tools may provide utility for certain individuals. They provide functionality which most people do not need to worry about, and often require more in-depth technical knowledge to use effectively.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
It is **critical** to understand that scanning your device for public indicators of compromise is **not sufficient** to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on these publicly-available scanning tools can miss recent security developments and give you a false sense of security.
|
||||
|
||||
@ -46,23 +47,23 @@ These tools provide analysis based on the information they have the ability to a
|
||||
|
||||
External verification tools run on your computer and scan your mobile device for forensic traces which are helpful to identify potential compromise.
|
||||
|
||||
!!! 危险
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
|
||||
```
|
||||
Public indicators of compromise are insufficient to determine that a device is "clean", and not targeted with a particular spyware tool. Reliance on public indicators alone can miss recent forensic traces and give a false sense of security.
|
||||
|
||||
Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
|
||||
|
||||
Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you've visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
|
||||
|
||||
### Mobile Verification Toolkit
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**Mobile Verification Toolkit** (**MVT**) is a collection of utilities which simplifies and automates the process of scanning mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT was developed by Amnesty International and released in 2021 in the context of the [Pegasus Project](https://forbiddenstories.org/about-the-pegasus-project/).
|
||||
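Review bot: the admonition title is hardcoded in English as `<p class="admonition-title">Danger</p>`, where this locale's file previously carried `!!! 危险`, and the three body paragraphs under it are English as well. Keeping the `danger` class name in English is right, since the old line had translated the admonition type keyword, but the title text should be exposed as a translatable string so the localized page does not regress to English.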
@ -70,17 +71,22 @@ These tools can trigger false-positives. If any of these tools finds indicators
|
||||
[:octicons-home-16: Homepage](https://mvt.re/){ .md-button .md-button--primary }
|
||||
[:octicons-code-16:](https://github.com/mvt-project/mvt){ .card-link title="Source Code" }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
```
|
||||
- [:simple-apple: macOS](https://docs.mvt.re/en/latest/install/)
|
||||
- [:simple-linux: Linux](https://docs.mvt.re/en/latest/install/)
|
||||
|
||||
!!! 推荐
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using MVT is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
MVT is _most_ useful for scanning iOS devices. Android stores very little diagnostic information useful to triage potential compromises, and because of this `mvt-android` capabilities are limited as well. On the other hand, encrypted iOS iTunes backups provide a large enough subset of files stored on the device to detect suspicious artifacts in many cases. This being said, MVT does still provide fairly useful tools for both iOS and Android analysis.
|
||||
|
||||
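Review bot: a triple-backtick fence line sits inside `<details class="downloads" markdown>`, between the two copies of the macOS/Linux links, and no opening fence is visible in this hunk. If that line survives in the new file it closes a code block in the middle of the downloads list and leaves `</details>` and `</div>` outside it. Remove the fence and confirm that only one copy of the download list remains after the change.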
@ -98,9 +104,8 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
|
||||
### iMazing (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iMazing** provides a free spyware analyzer tool for iOS devices which acts as a GUI-wrapper for [MVT](#mobile-verification-toolkit). This can be much easier to run compared to MVT itself, which is a command-line tool designed for technologists and forensic investigators.
|
||||
@ -109,11 +114,15 @@ MVT allows you to perform deeper scans/analysis if your device is jailbroken. Un
|
||||
[:octicons-eye-16:](https://imazing.com/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://imazing.com/spyware-analyzer){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
```
|
||||
- [:simple-windows11: Windows](https://imazing.com/download)
|
||||
- [:simple-apple: macOS](https://imazing.com/download)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
iMazing automates and interactively guides you through the process of using [MVT](#mobile-verification-toolkit) to scan your device for publicly-accessible indicators of compromise published by various threat researchers. All of the information and warnings which apply to MVT apply to this tool as well, so we suggest you also familiarize yourself with the notes on MVT in the sections above.
|
||||
|
||||
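Review bot: style point on the card links at the top of this hunk: `title=Documentation}` is unquoted and has no space before the closing brace, while the line above it uses `title="Privacy Policy" }`. Make it `{ .card-link title="Documentation" }` so the attribute lists are consistent and do not depend on the parser accepting an unquoted value.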
@ -121,17 +130,17 @@ iMazing automates and interactively guides you through the process of using [MVT
|
||||
|
||||
These are apps you can install which check your device and operating system for signs of tampering, and validate the identity of your device.
|
||||
|
||||
!!! 推荐
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Auditor (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -143,12 +152,16 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://attestation.app/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://attestation.app/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
```
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.attestation.auditor.play)
|
||||
- [:simple-github: GitHub](https://github.com/GrapheneOS/Auditor/releases)
|
||||
- [:material-cube-outline: GrapheneOS App Store](https://github.com/GrapheneOS/Apps/releases)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Auditor is not a scanning/analysis tool like some other tools on this page, rather it uses your device's hardware-backed keystore to allow you to verify the identity of your device and gain assurance that the operating system itself hasn't been tampered with or downgraded via verified boot. This provides a very robust integrity check of your device itself, but doesn't necessarily check whether the user-level apps running on your device are malicious.
|
||||
|
||||
@ -170,17 +183,17 @@ If your [threat model](basics/threat-modeling.md) requires privacy, you could co
|
||||
|
||||
These are apps you can install on your device which scan your device for signs of compromise.
|
||||
|
||||
!!! 推荐
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
```
|
||||
Using these apps is insufficient to determine that a device is "clean", and not targeted with a particular spyware tool.
|
||||
```
|
||||
|
||||
</div>
|
||||
|
||||
### Hypatia (Android)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
@ -191,18 +204,21 @@ Using these apps is insufficient to determine that a device is "clean", and not
|
||||
[:octicons-code-16:](https://github.com/divested-mobile/hypatia){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://divested.dev/pages/donate){ .card-link title=Contribute }
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
```
|
||||
- [:simple-android: F-Droid](https://f-droid.org/packages/us.spotco.malwarescanner/)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Hypatia is particularly good at detecting common stalkerware: If you suspect you are a victim of stalkerware, you should [visit this page](https://stopstalkerware.org/information-for-survivors/) for advice.
|
||||
|
||||
### iVerify (iOS)
|
||||
|
||||
!!! recommendation
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
```
|
||||
{ align=right }
|
||||
|
||||
**iVerify** is an iOS app which automatically scans your device to check configuration settings, patch level, and other areas of security. It also checks your device for indicators of compromise by jailbreak tools or spyware such as Pegasus.
|
||||
@ -211,10 +227,14 @@ Hypatia is particularly good at detecting common stalkerware: If you suspect you
|
||||
[:octicons-eye-16:](https://www.iverify.io/privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://www.iverify.io/frequently-asked-questions#iVerify-General){ .card-link title=Documentation}
|
||||
|
||||
??? downloads
|
||||
<details class="downloads" markdown>
|
||||
<summary>Downloads</summary>
|
||||
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
```
|
||||
- [:simple-appstore: App Store](https://apps.apple.com/us/app/iverify/id1466120520)
|
||||
|
||||
</details>
|
||||
|
||||
</div>
|
||||
|
||||
Like all iOS apps, iVerify is restricted to what it can observe about your device from within the iOS App Sandbox. It will not provide nearly as robust analysis as a full-system analysis tool like [MVT](#mobile-verification-toolkit). Its primary function is to detect whether your device is jailbroken, which it is effective at, however a hypothetical threat which is _specifically_ designed to bypass iVerify's checks would likely succeed at doing so.
|
||||
|
||||
|