SAN FRANCISCO: The hacking tools of an Italian company were used to spy on Apple Inc and Android smartphones in Italy and Kazakhstan, Google told Alphabet Inc in a report on Thursday.
The Milan-based RCS Lab, whose website claims European law enforcement is a customer, has developed tools to spy on personal messages and contacts on target devices, the report said.
European and US regulators are assessing potential new rules for the sale and import of spyware.
“These providers allow the spread of dangerous hacking tools and arm governments that would not be able to develop these capabilities internally,” Google said.
The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesman said the company had confiscated all known accounts and certificates associated with the hacking campaign.
RCS Lab said its products and services comply with European rules and help law enforcement investigate crimes.
“RCS Lab staff is not exposed or involved in any activities carried out by the customers concerned,” he told Reuters in an email, adding that he condemned any misuse of his products.
Google said it had taken steps to protect users of its Android operating system and warned them about spyware.
The global spyware industry for governments is growing, with more and more companies developing law enforcement interception tools. Anti-surveillance activists accuse them of helping governments, which in some cases use such tools to violate human and civil rights.
The industry came under the spotlight when it was discovered in recent years that the Israeli NSO surveillance firm’s Pegasus spyware had been used by a number of governments to spy on journalists, activists and dissidents.
Although the RCS Lab tool may not be as hidden as the Pegasus, it can still read messages and view passwords, said Bill Marchak, a security researcher at Citizen Lab.
“This shows that although these devices are ubiquitous, there is still a long way to go to protect them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a manufacturer of ‘legal interception’ technologies and services, including voice, data collection and ‘tracking systems’. It says it handles 10,000 intercepted targets a day in Europe alone.
Google researchers found that RCS Lab had previously collaborated with the controversial, non-existent Italian spy firm Hacking Team, which similarly created surveillance software for foreign governments to use phones and computers.
Hacking Team went bankrupt after falling victim to a major hack in 2015, which led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target ISP, suggesting they had links to government-backed actors, said Billy Leonard, a senior researcher at Google.
Add Comment