Apple and Android phones hacked by Italian spyware, says Google | Chop


An Italian company’s hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet Inc.’s Google said in a new report.

Milan-based RCS Lab, whose website lists European law enforcement agencies as clients, has developed tools to spy on the target devices’ private messages and contacts, the report says.

European and American regulators have been considering potential new rules for the sale and import of spyware.

“These vendors enable the proliferation of dangerous hacking tools and arm governments that could not develop these skills in-house,” Google said.

The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesman said the company had revoked all known accounts and certificates related to this hacking campaign.

RCS Lab said its products and services comply with European regulations and help law enforcement investigate crimes.

“RCS Lab employees are not exposed nor participate in any activities conducted by the relevant customers,” it told Reuters in an email, adding that it condemned any misuse of its products.

Google said it has taken steps to protect users of its Android operating system, warning them about the spyware known as Hermit.

The global industry that produces spyware for governments has grown, and more and more companies are developing eavesdropping tools for law enforcement. Anti-surveillance activists accuse them of supporting governments, which in some cases use such tools to crack down on human and civil rights.

The industry has come under the global spotlight in recent years when it was found that Israeli surveillance firm NSO’s Pegasus spyware was being used by several governments to spy on journalists, activists and dissidents.

While RCS Lab’s tool isn’t as stealthy as Pegasus, it can still read messages and view passwords, said Bill Marczak, a security researcher at Digital Watchdog Citizen Lab.

“This shows that while these devices are ubiquitous, there is still a long way to go to protect them against these powerful attacks,” he added.

RCS Lab describes itself on its website as a manufacturer of “lawful wiretapping” technologies and services, including voice, data collection and “tracking” systems. It says it handles 10,000 targets intercepted daily in Europe alone.

Google researchers found that RCS Lab had previously worked with the controversial, defunct Italian spy firm Hacking Team, which had also developed surveillance software for foreign governments to tap into phones and computers.

Hacking Team went bankrupt after falling victim to a major hack in 2015 that exposed numerous internal documents.

In some cases, Google believed hackers using RCS spyware were working with the target’s ISP, suggesting they had ties to state-backed actors, said Billy Leonard, a senior researcher at Google.

Evidence suggests Hermit was used in a predominantly Kurdish region of Syria, the mobile security firm said.

Analysis of Hermit showed that it can be used to take control of smartphones, record audio, redirect calls and collect data such as contacts, messages, photos and locations, Lookout researchers said.

Google and Lookout noticed the spread of spyware by tricking people into clicking links in messages sent to destinations.

“In some cases, we believe the actors worked with the target’s Internet Service Provider (ISP) to disable the target’s mobile data connectivity,” Google said.

“Once disabled, the attacker sent a malicious link via SMS, prompting the target to install an application to restore their data connectivity.”

When not posing as a mobile Internet service provider, the cyber spies send links pretending to be from phone makers or messaging apps to trick people into clicking, researchers said.

“Hermit deceives users by serving up the legitimate websites of the brands it impersonates while launching malicious activities in the background,” Lookout researchers said.

Google said it warned Android users affected by the spyware and stepped up software defenses. Apple told AFP it has taken steps to protect iPhone users.

According to Alphabet tech titan, Google’s threat team is tracking more than 30 companies that sell surveillance capabilities to governments.

“The commercial spyware industry is thriving and growing at a significant rate,” said Google.

You May Also Like