Hacking tools from an Italian company have been used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet Inc’s Google said in a new report.
Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, has developed tools to spy on the private messages and contacts of targeted devices, according to the report.
European and US regulators have been weighing potential new rules on the sale and import of spyware.
“These vendors enable the proliferation of dangerous hacking tools and arm governments that may not be able to develop these capabilities internally,” Google said.
The Italian and Kazakh governments did not immediately respond to requests for comment. An Apple spokesperson said the company has revoked all known accounts and certificates associated with this hacking campaign.
RCS Lab said its products and services comply with EU rules and help law enforcement investigate crimes.
“RCS Lab personnel are not exposed to or involved in any activity conducted by affected customers,” he told Reuters in an email, adding that he condemns any misuse of its products.
Google said it took steps to protect users of its Android operating system and alerted them to the spyware, known as Hermit.
The global government spyware industry has grown, with more and more companies developing interception tools for law enforcement. Anti-surveillance activists accuse them of aiding governments, which in some cases use such tools to suppress human and civil rights.
The industry was in the global spotlight when Israeli surveillance company NSO’s Pegasus spyware was found in recent years to have been used by several governments to spy on journalists, activists and dissidents. .
While RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and show passwords, said Bill Marczak, security researcher with digital watchdog Citizen Lab.
“It shows that even though these devices are ubiquitous, there is still a long way to go to protect them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a maker of “lawful interception” technologies and services, including voice, data collection, and “tracking systems.” He says he processes 10,000 intercepted targets daily in Europe alone.
Google researchers found that RCS Lab once collaborated with the controversial and defunct Italian spy firm Hacking Team, which also created surveillance software that allowed foreign governments to exploit phones and computers.
Hacking Team went bankrupt after being the victim of a major hack in 2015 which led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target’s internet service provider, suggesting they had ties to government-backed actors, Billy said. Leonard, senior researcher at Google.
Evidence suggests Hermit was used in a predominantly Kurdish region of Syria, the mobile security firm said.
Hermit’s analysis showed that it can be used to take control of smartphones, record audio, redirect calls and collect data such as contacts, messages, photos and location, have said the Lookout researchers.
Google and Lookout noted that spyware spreads by tricking people into clicking on links in messages sent to targets.
“In some cases, we believe actors worked with the target’s ISP (internet service provider) to disable the target’s mobile data connectivity,” Google said.
“Once disabled, the attacker would send a malicious link via SMS asking the target to install an app to recover their data connectivity.”
When not impersonating a mobile internet service provider, cyberspies sent links claiming to be from phone makers or messaging apps to trick people into clicking, researchers said.
“Hermit deceives users by serving the legitimate web pages of brands it impersonates to run malicious activities in the background,” the Lookout researchers said.
Google said it warned Android users targeted by spyware and tightened software defenses. Apple told AFP it had taken steps to protect iPhone users.
Google’s threat team tracks more than 30 companies that sell surveillance capabilities to governments, according to the Alphabet-owned tech titan.
“The commercial spyware industry is thriving and growing at a significant rate,” Google said.