Alphabet Inc’s Google said in a new report that hacking tools from an Italian company were used to spy on Apple and Android smartphones in Italy and Kazakhstan.
Milan-based RCS Lab, whose website claims European law enforcement agencies as customers, has developed tools to spy on private messages and contacts of targeted devices, the report said.
European and US regulators are weighing potential new rules on the sale and importation of spyware.
“These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” Google said.
The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesperson said the company has revoked all known accounts and certificates associated with this hacking campaign.
RCS Lab said its products and services comply with European regulations and help law enforcement agencies investigate crimes.
“RCS Lab personnel are not exposed, nor participate in any activity conducted by the customers concerned,” it told Reuters in an email, condemning any misuse of its products.
Google said it has taken steps to protect users of its Android operating system and alerted them to spyware, known as Hermit.
The global industry producing spyware for governments is growing, and more companies are developing interception tools for law enforcement. Anti-surveillance activists accused him of aiding governments that in some cases use such tools to crack down on human rights and civil rights.
The industry came into the global spotlight when Pegasus spyware from Israeli surveillance firm NSO was used in recent years by multiple governments to spy on journalists, activists and dissidents.
Bill Markzak, a security researcher at digital watchdog Citizen Lab, said that although RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and view passwords.
This shows that even though these tools are ubiquitous, there is still a long way to go to secure them against these powerful attacks, he said.
On its website, RCS Lab describes itself as a manufacturer of “legitimate interception” technologies and services that include voice, data collection and “tracking systems”. It says it handles 10,000 intercepted targets daily in Europe alone.
Google researchers found that RCS Lab previously collaborated with the controversial, defunct Italian spy firm Hacking Team, which similarly created surveillance software for foreign governments to tap into phones and computers.
The hacking team was busted in 2015 after falling victim to a major hack that led to the disclosure of several internal documents.
Billy Leonard, a senior Google researcher, said that in some cases, Google said it believed hackers using RCS spyware worked with the target’s Internet service provider, which suggests that their government There were ties to supported actors.
The mobile security company said evidence showed the Hermit was used in the Kurdish region of Syria.
Lookout researchers said Hermit’s analysis showed it could be used to gain control of a smartphone, record audio, redirect calls, and collect data such as contacts, messages, photos and locations.
Google and Lookout noticed spyware spread by getting people to click on links in messages sent to Target.
“In some cases, we believe that the actors worked with the target’s ISP (Internet Service Provider) to disable the target’s mobile data connectivity,” Google said.
“Once disabled, the attacker will send a malicious link via SMS asking the target to install an application to recover their data connectivity.”
When not masquerading as a mobile Internet service provider, cyber spies send links to phone manufacturers or messaging applications to trick people into clicking them, the researchers said.
“Hermit tricks users by serving them legitimate webpages from brands that kickstart malicious activities in the background,” the Lookout researchers said.
Google said it has warned Android users targeted by spyware and has beefed up software protections. Apple told AFP it has taken steps to protect iPhone users.
According to the Alphabet-owned tech titan, Google’s Threat Team is tracking more than 30 companies that sell surveillance capabilities to governments.
“The commercial spyware industry is flourishing and growing at a significant rate,” Google said.
