Hacking tools from an Italian company have been used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet’s Google said in a report Thursday.
Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, has developed tools to spy on the private messages and contacts of targeted devices, according to the report.
Google’s RCS Lab findings come as European and US regulators weigh potential new rules on the sale and import of spyware.
“These vendors enable the proliferation of dangerous hacking tools and arm governments that may not be able to develop these capabilities internally,” Google said.
Apple and the Italian and Kazakh governments did not immediately respond to requests for comment.
RCS Lab said its products and services comply with EU rules and help law enforcement investigate crimes.
“RCS Lab personnel are not exposed to or involved in any activity conducted by affected customers,” he told Reuters in an email, adding that he condemns any misuse of its products.
Google said it took steps to protect users of its Android operating system and alerted them to spyware.
The global industry of manufacturing spyware for governments has grown, with more and more companies developing interception tools for law enforcement agencies. Anti-surveillance activists accuse them of aiding governments, which in some cases use such tools to suppress human and civil rights.
The industry was in the global spotlight when Israeli surveillance company NSO’s Pegasus spyware was found in recent years to have been used by several governments to spy on journalists, activists and dissidents. .
While RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and show passwords, said Bill Marczak, security researcher with digital watchdog Citizen Lab.
“It shows that even though these devices are ubiquitous, there is still a long way to go to protect them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a maker of “lawful interception” technologies and services, including voice, data collection, and “tracking systems.” He says he processes 10,000 intercepted targets daily in Europe alone.
Google researchers found that RCS Lab once collaborated with the controversial and defunct Italian spy firm Hacking Team, which also created surveillance software that allowed foreign governments to exploit phones and computers.
Hacking Team went bankrupt after being the victim of a major hack in 2015 which led to the disclosure of numerous internal documents.
In some cases, Google said it believed hackers using RCS spyware were working with the target’s internet service provider, suggesting they had ties to government-backed actors, Billy said. Leonard, senior researcher at Google.
© Thomson Reuters 2022