The hacking tools of an Italian company were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Google told Alphabet Inc. in a new report.
Milan-based RCS Lab, whose website claims European law enforcement as customers, developed tools to spy on private messages and contacts from target devices, according to the report.
European and American regulators have been weighing up potential new rules on the sale and import of spyware.
“These vendors are allowing the proliferation of dangerous tools of piracy and arming governments that could not develop these capabilities internally,” Google said.
The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesman said the company had revoked all known accounts and certificates associated with this piracy campaign.
RCS Lab said its products and services meet European standards and help law enforcement agencies investigate crimes.
“RCS Lab staff are not exposed, nor do they participate in any activity performed by relevant customers,” he told Reuters in an email, adding that he condemned any abuse of its products.
Google said it had taken steps to protect users of its Android operating system and alerted them to spyware, known as Hermit.
The global spyware industry for governments has been growing, with more companies developing law enforcement interception tools. Anti-surveillance activists accuse them of helping governments that in some cases use these tools to repress human rights and civil rights.
The industry came under global focus when in recent years it was found that Israeli surveillance firm NSO’s Pegasus spyware had been used by various governments to spy on journalists, activists and dissidents.
While the RCS Lab tool may not be as stealthy as Pegasus, it can still read messages and see passwords, said Bill Marczak, a security researcher at Digital Citizen Lab.
“This shows that while these devices are ubiquitous, there is still a long way to go to protect them from these powerful attacks,” he added.
On its website, RCS Lab is described as a manufacturer of “legal interception” technologies and services, such as voice, data collection and “tracking systems.” He says he manages 10,000 targets intercepted daily in Europe alone.
Google researchers found that RCS Lab had previously collaborated with the controversial and defunct Italian spy company Hacking Team, which had also created surveillance software for foreign governments to use phones and computers.
Hacking Team broke down after being the victim of a major hacking in 2015 that led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target Internet service provider, suggesting they had links to government-backed actors, said researcher Billy Leonard. Google senior.
Evidence suggests the hermitage was used in a predominantly Kurdish region of Syria, the mobile security company said.
Hermit’s analysis showed that it can be used to gain control of smartphones, record audio, redirect calls, and collect data such as contacts, messages, photos, and location, Lookout researchers said.
Google and Lookout observed that spyware spreads by causing people to click on links in messages sent to targets.
“In some cases, we believe the actors worked with the target’s ISP (Internet Service Provider) to disable the target’s mobile data connectivity,” Google said.
“Once disabled, the attacker sent a malicious link via SMS asking the target to install an application to recover its data connectivity.”
When not disguised as a mobile Internet service provider, cyberespies sent links pretending to be from phone or messaging app makers to trick people into clicking, the researchers said.
“Hermit deceives users by offering the legitimate web pages of the brands it impersonates while initiating malicious activities in the background,” Lookout researchers said.
Google said it has warned Android users attacked by spyware and has increased the software’s defenses. Apple told AFP it has taken steps to protect iPhone users.
Google’s threat team is tracking more than 30 companies that sell surveillance capabilities to governments, according to Alphabet-owned technology titan.
“The commercial spyware industry is thriving and growing at a significant pace,” Google said.