Hacking tools from an Italian company have been used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet Inc said Google in a new report.
RCS Lab, based in Milan, of which website claims that European law enforcement agencies as clients, have developed tools to spy on private messages and contacts of targeted devices, according to the report.
European and US regulators have been weighing potential new rules on the sale and import of spyware.
“These vendors enable the proliferation of dangerous hacking tools and arm governments that may not be able to develop these capabilities internally,” Google said.
The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesperson said the company has revoked all known accounts and certificates associated with this hacking campaign.
RCS Lab said its products and services comply with EU rules and help law enforcement investigate crimes.
“RCS Lab personnel are not exposed to or involved in any activity conducted by affected customers,” he told Reuters in an email, adding that he condemns any misuse of its products.
Google said it has taken steps to protect users from its android operating system and alerted them to the spyware, known as Hermit.
The global government spyware industry has grown, with more and more companies developing interception tools for law enforcement. Anti-surveillance activists accuse them of aiding governments, which in some cases use such tools to suppress human and civil rights.
The industry came into the global spotlight when Israeli surveillance company NSO’s Pegasus spyware was in recent years. proven to have been used by multiple governments to spy on journalists, activists and dissidents.
While RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and show passwords, said Bill Marczak, security researcher with digital watchdog Citizen Lab.
“It shows that even though these devices are ubiquitous, there is still a long way to go to protect them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a maker of “lawful interception” technologies and services, including voice, data collection, and “tracking systems.” He says he processes 10,000 intercepted targets daily in Europe alone.
Google researchers found that RCS Lab once collaborated with the controversial and defunct Italian spy firm Piracy Team, which had also created surveillance software for foreign governments to gain access to phones and computers.
Hacking Team went bankrupt after being the victim of a major hack in 2015 which led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target’s internet service provider, suggesting they had ties to government-backed actors, Billy said. Leonard, senior researcher at Google.
Evidence suggests Hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.
Hermit’s analysis showed that it can be used to take control of smartphones, record audio, redirect calls and collect data such as contacts, messages, photos and location, have said the Lookout researchers.
Google and Lookout noted that spyware spreads by tricking people into clicking on links in messages sent to targets.
“In some cases, we believe actors worked with the target’s ISP (internet service provider) to disable the target’s mobile data connectivity,” Google said.
“Once disabled, the attacker would send a malicious link via SMS asking the target to install an app to recover their data connectivity.”
When not impersonating a mobile internet service provider, cyberspies sent links claiming to be from phone makers or messaging apps to trick people into clicking, researchers said.
“Hermit deceives users by serving the legitimate web pages of brands it impersonates to run malicious activities in the background,” the Lookout researchers said.
Google said it warned Android users targeted by spyware and tightened software defenses. Apple told AFP it had taken steps to protect iPhone users.
Google’s threat team tracks more than 30 companies that sell surveillance capabilities to governments, according to the Alphabet-owned tech titan.
“The commercial spyware industry is thriving and growing at a significant rate,” Google said.