diff --git a/README.md b/README.md
index 422508afc..75630b563 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ MVT supports using public [indicators of compromise (IOCs)](https://github.com/m
 >
 > Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
 >
->Such support is available to civil society through [Amnesty International's Security Lab](https://www.amnesty.org/en/tech/) or through our forensic partnership with [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
+>Such support is available to civil society through [Amnesty International's Security Lab](https://securitylab.amnesty.org/get-help/?c=mvt_docs) or through our forensic partnership with [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
 More information about using indicators of compromise with MVT is available in the [documentation](https://docs.mvt.re/en/latest/iocs/).
diff --git a/docs/introduction.md b/docs/introduction.md
index 6d416d575..b9461cbb6 100644
--- a/docs/introduction.md
+++ b/docs/introduction.md
@@ -21,7 +21,7 @@ MVT supports using [indicators of compromise (IOCs)](https://github.com/mvt-proj
 Reliable and comprehensive digital forensic support and triage requires access to non-public indicators, research and threat intelligence.
- Such support is available to civil society through [Amnesty International's Security Lab](https://securitylab.amnesty.org/contact-us/) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
+ Such support is available to civil society through [Amnesty International's Security Lab](https://securitylab.amnesty.org/get-help/?c=mvt_docs) or [Access Now’s Digital Security Helpline](https://www.accessnow.org/help/).
 More information about using indicators of compromise with MVT is available in the [documentation](iocs.md).
diff --git a/mvt/common/command.py b/mvt/common/command.py
index a2cd0625b..963d1dbd2 100644
--- a/mvt/common/command.py
+++ b/mvt/common/command.py
@@ -160,6 +160,27 @@ def module_init(self, module: MVTModule) -> None:
 def finish(self) -> None:
 raise NotImplementedError
+ def _show_disable_adb_warning(self) -> None:
+ """Warn if ADB is enabled"""
+ if type(self).__name__ in ["CmdAndroidCheckADB", "CmdAndroidCheckAndroidQF"]:
+ self.log.info(
+ "Please disable Developer Options and ADB (Android Debug Bridge) on the device once finished with the acquisition. "
+ "ADB is a powerful tool which can allow unauthorized access to the device."
+ )
+
+ def _show_support_message(self) -> None:
+ support_message = "Please seek reputable expert help if you have serious concerns about a possible spyware attack. Such support is available to human rights defenders and civil society through Amnesty International's Security Lab at https://securitylab.amnesty.org/get-help/?c=mvt"
+ if self.detected_count == 0:
+ self.log.info(
+ f"[bold]NOTE:[/bold] Using MVT with public indicators of compromise (IOCs) [bold]WILL NOT[/bold] automatically detect advanced attacks.\n\n{support_message}",
+ extra={"markup": True},
+ )
+ else:
+ self.log.warning(
+ f"[bold]NOTE: Detected indicators of compromise[/bold]. Only expert review can confirm if the detected indicators are signs of an attack.\n\n{support_message}",
+ extra={"markup": True},
+ )
+
 def run(self) -> None:
 try:
 self.init()
@@ -208,3 +229,6 @@ def run(self) -> None:
 self._store_timeline()
 self._store_info()
+
+ self._show_disable_adb_warning()
+ self._show_support_message()
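Review bot: In `_show_disable_adb_warning`, the check `type(self).__name__ in ["CmdAndroidCheckADB", "CmdAndroidCheckAndroidQF"]` ties a security reminder to two class-name strings held in the base class, so a renamed, subclassed or newly added ADB-based command silently stops reminding the user to turn debugging off. A class attribute that the Android commands set, for example a hypothetical `show_adb_warning = True` tested with `if self.show_adb_warning:`, would keep the decision with the command that actually needs ADB. The docstring `"""Warn if ADB is enabled"""` also overstates what the method does, since nothing here queries the device; `"""Remind the user to disable ADB after an Android check."""` matches the code. Because an enabled debug bridge is a standing exposure on the device, `self.log.warning(` would fit better than `self.log.info(` so the line survives a raised log threshold.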
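Review bot: The two calls added after `self._store_info()` only run when `run()` reaches its last line, so the ADB reminder is lost on any early return or unhandled exception, which is when a device is most likely to be left with debugging enabled. The rest of `run()` lies outside this hunk, so whether such paths exist cannot be confirmed from here; if they do, calling `self._show_disable_adb_warning()` from a `finally:` clause around the body of `run()` would cover them. `_show_support_message` can stay on the success path, since its wording depends on a completed `detected_count`.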