Hacking tools from an Italian company were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet Inc’s Google said in a new report.
Milan-based
rcs lab, whose website claims European law enforcement agencies are clients, developed tools to spy on private messages and contacts from target devices, according to the report.
European and US regulators have been weighing possible new rules on the sale and importation of spyware.
“These vendors are enabling the proliferation of dangerous hacking tools and arming governments that could not develop these capabilities internally,” Google said.
The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign.
rcs lab said its products and services comply with European standards and help law enforcement investigate crimes.
“rcs lab staff are not exposed to or involved in any activities conducted by the relevant customers,” he told Reuters in an email, adding that he condemned any abuse of its products.
google said it had taken steps to protect users of its android operating system and alerted them to the spyware, known as hermit.
The global industry that makes spyware for governments has been on the rise, with more and more companies developing interception tools for law enforcement. anti-surveillance activists accuse them of aiding governments which, in some cases, use such tools to crack down on human rights and civil rights.
The industry was thrown into the global spotlight when it was discovered in recent years that Israeli surveillance firm nso’s pegasus spyware had been used by various governments to spy on journalists, activists and dissidents.
>
While the RCS Lab tool may not be as stealthy as Pegasus, it can still read messages and see passwords, said Bill Marczak, a security researcher with the Citizen Digital Surveillance Lab.
“This shows that while these devices are ubiquitous, there is still a long way to go to protect against these powerful attacks,” he added.
On its website, rcs lab describes itself as a manufacturer of “lawful interception” technologies and services including voice, data collection and “tracking systems”. says it handles 10,000 intercepted targets daily in europe alone.
Google researchers discovered that rcs lab had previously collaborated with the controversial and defunct Italian spy company hacking team, which had also created surveillance software to give foreign governments access to phones and computers.
>
The hacking team went bankrupt after being the victim of a major attack in 2015 that led to the disclosure of numerous internal documents.
In some cases, Google said it believed the hackers using the rcs spyware were working with the target’s internet service provider, suggesting they had ties to government-backed actors, said senior researcher billy leonard from google.
Evidence suggests the hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.
hermit’s analysis showed it can be used to gain control of smartphones, record audio, redirect calls and collect data such as contacts, messages, photos and location, lookout researchers said.
google and lookout noted that spyware spreads by getting people to click on links in messages sent to targets.
“In some cases, we believe the actors worked with the target’s ISP (Internet Service Provider) to disable the target’s mobile data connectivity,” Google said.
“once disabled, the attacker would send a malicious link via sms asking the target to install an application to regain their data connectivity.”
When not posing as a mobile internet service provider, cyberspies would send links purporting to be from phone manufacturers or messaging apps to trick people into clicking, the researchers said.
“hermit tricks users by displaying the legitimate web pages of the brands it impersonates while initiating malicious activities in the background,” lookout researchers said.
Google said it has warned Android users targeted by the spyware and has increased the software’s defenses. Apple told AFP that it has taken steps to protect iPhone users.
Google’s threat team is tracking more than 30 companies that sell surveillance capabilities to governments, according to the alphabet-owned tech titan.
“The commercial spyware industry is thriving and growing at a significant rate,” Google said.