The hacker’s tools of an Italian company were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google told Alphabet Inc in a new report.
The Milan-based RCS Lab, whose website claims European law enforcement is a customer, has developed tools to spy on personal messages and contacts on target devices, the report said.
European and US regulators are assessing potential new rules for the sale and import of spyware.
“These providers allow the spread of dangerous hacking tools and arm governments that would not be able to develop these capabilities internally,” Google said.
The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesman said the company had confiscated all known accounts and certificates associated with the hacking campaign.
RCS Lab said its products and services comply with European rules and help law enforcement investigate crimes.
“RCS Lab staff is not exposed or involved in any activities carried out by the customers concerned,” he told Reuters in an email, adding that he condemned any misuse of his products.
Google said it had taken steps to protect users of its Android operating system and warned them about spyware known as Hermit.
The global spyware industry for governments is growing, with more and more companies developing law enforcement interception tools. Anti-surveillance activists accuse them of helping governments, which in some cases use such tools to violate human and civil rights.
The industry came under the spotlight when it was discovered in recent years that Pegasus spy software from an Israeli NSO surveillance company had been used by many governments to spy on journalists, activists and dissidents.
Although the RCS Lab tool may not be as hidden as Pegasus, it can still read messages and view passwords, said Bill Marchak, a security researcher at Citizen Lab.
“This shows that although these devices are ubiquitous, there is still a long way to go to protect them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a manufacturer of ‘legal interception’ technologies and services, including voice, data collection and ‘tracking systems’. It says it handles 10,000 intercepted targets a day in Europe alone.
Google researchers found that RCS Lab had previously collaborated with the controversial, non-existent Italian spy firm Hacking Team, which similarly created surveillance software for foreign governments to use phones and computers.
Hacking Team went bankrupt after falling victim to a major hack in 2015, which led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target ISP, suggesting they had links to government-backed actors, said Billy Leonard, a senior researcher at Google.
Evidence suggests that Hermit was used in a predominantly Kurdish region in Syria, the mobile security company said.
Hermit’s analysis showed it could be used to gain control of smartphones, record audio, divert calls and collect data such as contacts, messages, photos and location, Lookout researchers said.
Google and Lookout note the spread of spyware by making people click links in messages sent to targets.
“In some cases, we believe that participants have worked with the target ISP (ISP) to disable the target’s mobile data connection,” Google said.
“Once deactivated, the attacker will send a malicious connection via SMS, asking the target to install an application to reconnect to data.”
When not disguised as a mobile ISP, cyber spies send links pretending to be from phone makers or messaging apps to trick people into clicking, researchers said.
“Hermit scams consumers by serving the legitimate web pages of the brands it imitates, as it launches malicious activities in the background,” Lookout researchers said.
Google said it had warned Android users against spyware and tightened software protection. Apple told AFP it had taken steps to protect iPhone users.
Google’s threat team is tracking more than 30 companies selling government surveillance capabilities, according to Alphabet’s technology titanium.
“The commercial spyware industry is thriving and growing at a significant rate,” Google said.
Add Comment