Tom’s Guide
Anthony Spadafora

Worried about spyware on your iPhone? iShutdown can reveal if you’ve been infected

When you choose an iPhone over one of the best Android phones, chances are you’re doing so for iMessage, FaceTime and all of Apple’s other apps and features. However, security and privacy are also among the main reasons many people pick up an iPhone over an Android smartphone.

As the best iPhones and the best MacBooks have become more popular in recent years, they’ve also become a much bigger target for hackers. While you won’t find nearly as much malware on iPhones as on Android devices, there is one big threat you need to look out for: spyware.

From Pegasus to Predator, there are a number of different types of spyware that have been designed to target iPhones. Since Apple’s smartphones are used by everyone from celebrities to politicians, there’s all sorts of valuable financial and personal data that can be stolen by hackers and other cybercriminals.

Although Apple has added new features like Lockdown Mode to better secure its devices, determining whether an iPhone has been infected with spyware has been quite difficult. Fortunately, security researchers at Kaspersky have developed a new way to determine whether spyware is currently present on an iPhone.

Finding traces of spyware with iShutdown

As reported by BleepingComputer, security researchers have now learned that traces of high-profile spyware like Pegasus, Reign and Predator on a compromised iPhone can be discovered by checking the device’s Shutdown.log file. This file logs and stores data every time an iPhone is rebooted.

Checking an iPhone’s Shutdown.log file can be tedious though, which is why Kaspersky has released several Python scripts to help automate the process of analyzing it. At the same time, when compared to other techniques like examining an encrypted iOS backup or network traffic, looking at the Shutdown.log file is much easier.

To this end, Kaspersky has published three Python scripts that the company is calling iShutdown on GitHub. There are also instructions on how to use these scripts along with example outputs.

While this method certainly won’t be for everyone, if you have experience with Python, iOS, terminal output and malware indicators, you might be able to use iShutdown to check your iPhone for any signs of spyware or malware. However, this method will fail if the compromised iPhone in question isn’t rebooted on the day it becomes infected.

Still, this is quite the breakthrough and should make it easier for security researchers to determine when high-profile targets have had spyware installed on their iPhones.

How to keep your iPhone safe from spyware and malware

Even though you may not have the skills or experience necessary to run these iShutdown scripts on your own, there are still plenty of steps you can take to help keep your iPhone safe from hackers.

For starters, you want to download and install the latest updates from Apple as soon as they become available. The iPhone maker often patches zero-day vulnerabilities and other bugs when it releases an update. By waiting to install these updates though, you’re putting your iPhone and yourself at risk since hackers love to target users that have yet to update their devices.

While there isn’t an iOS equivalent of the best Android antivirus apps due to Apple’s own restrictions, one of the best Mac antivirus software solutions is able to keep both your iPhone and iPad safe from malware. With Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9 you can scan an iPhone or iPad for malware by connecting it to your Mac using a USB cable.

Besides installing updates and scanning for malware, you also want to avoid opening messages and downloading attachments from unknown senders, both in your email and on messaging apps. Infecting an iPhone with malware or spyware is difficult, but hackers are quite resourceful, and as soon as a bug is fixed, they’re looking for a new one to exploit in their attacks.

We’ll have to wait and see if Kaspersky decides to develop its iShutdown scripts further, but for the moment they are free to download and use to find traces of spyware on a compromised iPhone, provided you have the necessary skills to do so.
