An Italian company’s hacking tool was used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet Incs Google said in a new report.
Milan-based RCS Lab, whose website European law enforcement agencies claim as clients, developed tools to spy on private messages and contacts from the targeted units, the report said.
European and US regulators have considered potential new rules for the sale and import of spyware.
“These vendors enable the proliferation of dangerous hacking tools and arm governments that would not be able to develop these features internally,” Google sa.
The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesman said the company had revoked all known accounts and certificates associated with this hacking campaign.
RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes.
“RCS Labs staff are not exposed and do not participate in any activities performed by the relevant customers,” it told Reuters in an email, adding that it condemned any misuse of its products.
Google said it had taken steps to protect its users Android operating system and warned them about the spyware, known as the Hermit.
The global industry that produces spyware for governments has grown, with more companies developing eavesdropping tools for law enforcement. Anti-surveillance activists accuse them of helping governments, which in some cases use such tools to crack down on human and civil rights.
The industry ended up in a global spotlight when the Israeli surveillance company NSO’s Pegasus spy program was in recent years turned out to have been used by several governments to spy on journalists, activists and dissidents.
Although RCS Labs tools may not be as sneaky as Pegasus, it can still read messages and see passwords, says Bill Marczak, a security researcher with the digital watchdog Citizen Lab.
“This shows that even though these devices are everywhere, there is still a long way to go to secure them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a manufacturer of “legal eavesdropping” technologies and services including voice, data collection and “tracking systems”. It says it handles 10,000 intercepted targets daily in Europe alone.
Google researchers found that RCS Lab had previously collaborated with the controversial, defunct Italian spy company Hacking Team, which had similarly created monitoring programs for foreign governments to use telephones and computers.
Hacking Team went bankrupt after it became a victim of a major hack in 2015 which led to the disclosure of many internal documents.
In some cases, Google said it believed hackers using RCS spyware worked with the target’s ISP, indicating that they had links to government-backed actors, said Billy Leonard, a senior researcher at Google.
Evidence suggests that Hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.
Hermit’s analysis showed that it can be used to gain control over smartphones, record audio, redirect calls and collect data such as contacts, messages, photos and location, said Lookout researchers.
Google and Lookout noted that spyware is spread by getting people to click on links in messages sent to targets.
“In some cases, we believe that the players worked with the target’s ISP (Internet Service Provider) to disable the target’s mobile data connection,” said Google.
“Once disabled, the attacker sent a malicious link via SMS asking the target to install an application to restore their data connection.”
When the cyber spies did not disguise themselves as a mobile internet provider, the cyber spies sent links that pretended to be from phone manufacturers or messaging applications to trick people into clicking, researchers said.
“Hermit deceives users by displaying the legitimate web pages of the brands it mimics when it launches malicious activities in the background,” said Lookout researchers.
Google said it had warned Android users targeted by the spyware and increased its software defenses. Apple told AFP that they have taken steps to protect iPhone users.
Google’s hotteam tracks more than 30 companies that sell surveillance features to governments, according to Alphabet-owned tech titan.
“The commercial spyware industry is booming and growing at a significant rate,” said Google.
#Apple #Android #phones #hacked #Italian #spyware #Google