Triangle Check Utility
Triangle Check, a creation of Kaspersky Lab, is a sophisticated script designed to empower users in scanning iTunes backups for potential compromise indicators related to Operation Triangulation. Its advanced mechanism bears resemblance to the Pegasus Project, an elite-level surveillance tool developed by the Israeli company NSO Group for its clientele. Pegasus tool has been used in more than 50 countries since 2016.
Download Triangle Check
The Triangle Check Utility has been unveiled as an open-source project, scripted in the Python programming language. For compatibility with both Windows and Linux, the developer has thoughtfully provided alternative binary builds of the triangle_check utility. The recommended method for installation is via PyPI. Triangle Check can be also installed on macOS.
What is Triangle Check?
Triangle Check, a Python script, serves as a valuable tool for automatically detecting potential compromises on your iPhone through the Operation Triangulation exploit. This exploit has the capability to gain full control over your device without requiring any user interaction. It is typically deployed through a text message sent to the victim's iPhone and operates discreetly, automatically removing itself without the user's knowledge of the intrusion.
Due to the limited accessibility to the device file system, Triangle Check necessitates the creation of an iPhone backup using iTunes or Finder. This command-line tool is designed to scan iTunes backups for any indications of compromise linked to Operation Triangulation.
Additionally, Triangle Check extends support to encrypted iTunes backups; however, it is imperative to possess the password for decryption. Encrypted iTunes or libimobiledevice backups yield a more comprehensive set of data for analysis.
The "Encrypt local backup" feature, accessible in Finder or iTunes, plays a crucial role in safeguarding and encoding your data. When opting for encrypted backups, a broader spectrum of information is included, comprising saved passwords, Wi-Fi settings, website history, health data, and call history. Triangle Check can decrypt all data with a given password.
However, it's essential to be aware that encrypted backups deliberately exclude certain sensitive data, such as Face ID, Touch ID, or device passcode information. This strategy ensures the security and privacy of the most confidential aspects of your iPhone.
Triangle Check meticulously examines the backup file, scrutinizing for any lingering signs of potential malware installation. The scanning process extends to various elements within the system, including but not limited to the Library/SMS/Attachments/ directory.
It specifically looks for remnants of potential malware introduced through modified attachments sent via the Messages app. The scrutiny encompasses the detection of suspicious data within .plist files, the identification of a fake malware utility known as BackupAgent, examination of sqlite3 databases, and other relevant indicators that may signify a compromise.
How to install Triangle Check
The Triangle Check Utility is available for download as a binary file compatible with both Windows and Linux. Nevertheless, the recommended approach for installation is through PyPI. This streamlined method is equally applicable to macOS users seeking to install the utility.
python -m pip install triangle_check
Usage: python -m triangle_check /path/to/iTunes_backup [backup_password]