Milan-based RCS Lab, whose website claims European law enforcement as customers, developed tools to spy on private messages and contacts from target devices, according to the report.
Google (GOOG) findings about RCS Lab occur when European and US regulators weigh in on potential new rules on the sale and import of spyware.
“These vendors are allowing the proliferation of dangerous tools of piracy and arming governments that could not develop these capabilities internally,” Google said.
Apple (AAPL) and the governments of Italy and Kazakhstan did not immediately respond to requests for comment.
RCS Lab said its products and services meet European standards and help law enforcement agencies investigate crimes.
“RCS Lab staff are not exposed, nor do they participate in any activity performed by relevant customers,” he told Reuters in an email, adding that he condemned any abuse of its products.
Google said it had taken steps to protect users of its Android operating system and alerted them to spyware.
The global spyware industry for governments has been growing, and more and more companies are developing interception tools for law enforcement organizations. Anti-surveillance activists accuse them of helping governments that in some cases are using these tools to repress human rights and civil rights.
The industry came under global focus when in recent years it was found that Israeli surveillance firm NSO’s Pegasus spyware had been used by various governments to spy on journalists, activists and dissidents.
While the RCS Lab tool may not be as stealthy as Pegasus, it can still read messages and see passwords, said Bill Marczak, a security researcher at Digital Citizen Lab.
“This shows that while these devices are ubiquitous, there is still a long way to go to protect them from these powerful attacks,” he added.
On its website, RCS Lab is described as a manufacturer of “legal interception” technologies and services that include voice, data collection and “tracking systems”. He says he manages 10,000 targets intercepted daily in Europe alone.
Google researchers found that RCS Lab had previously collaborated with the controversial and defunct Italian spy company Hacking Team, which had also created surveillance software for foreign governments to use phones and computers.
Hacking Team broke down after being the victim of a major hacking in 2015 that led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target Internet service provider, suggesting they had links to government-backed actors, said researcher Billy Leonard. Google senior.