The Milan-based RCS Lab, whose website claims European law enforcement is a customer, has developed tools to spy on personal messages and contacts on target devices, the report said.
Google’s (GOOG) findings on the RCS Lab come as European and US regulators assess potential new rules for selling and importing spyware.
“These providers allow the spread of dangerous hacking tools and arm governments that would not be able to develop these capabilities internally,” Google said.
Apple (AAPL) and the governments of Italy and Kazakhstan did not respond immediately to requests for comment.
RCS Lab said its products and services comply with European rules and help law enforcement investigate crimes.
“RCS Lab staff has not been identified or involved in any activities carried out by the customers concerned,” he told Reuters in an email, adding that he condemned any misuse of its products.
Google said it had taken steps to protect users of its Android operating system and warned them about spyware.
The global spyware industry for governments is growing, with more and more companies developing interception tools for law enforcement agencies. Anti-surveillance activists accuse them of helping governments, which in some cases use such tools to fight human rights and civil rights.
The industry came under the spotlight when it was discovered in recent years that Pegasus spy software from an Israeli NSO surveillance company had been used by many governments to spy on journalists, activists and dissidents.
Although the RCS Lab tool may not be as hidden as Pegasus, it can still read messages and view passwords, said Bill Marchak, a security researcher at Citizen Lab.
“This shows that although these devices are ubiquitous, there is still a long way to go to protect them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a manufacturer of ‘legal interception’ technologies and services, including voice, data collection and ‘tracking systems’. It says it handles 10,000 intercepted targets a day in Europe alone.
Google researchers found that RCS Lab had previously collaborated with the controversial, non-existent Italian spy firm Hacking Team, which similarly created surveillance software for foreign governments to use phones and computers.
Hacking Team went bankrupt after falling victim to a major hack in 2015, which led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target ISP, suggesting they had links to government-backed actors, said Billy Leonard, a senior researcher at Google.
Add Comment