Apple and Android phones hacked by Italian spyware, Google says | hacking

An Italian company’s hacking tools were used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet Inc’s Google said in a new report.

Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, has developed tools to spy on private messages and contacts from the targeted devices, the report said.

European and US regulators have weighed up possible new rules on the sale and import of spyware.

“These vendors are spreading dangerous hacking tools and arming governments that couldn’t develop these capabilities in-house,” Google said.

The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign.

RCS Lab said its products and services comply with European regulations and help law enforcement agencies investigate crimes.

“RCS Lab personnel are not exposed to and do not participate in activities conducted by the relevant customers,” it told Reuters in an email, adding that it condemned any misuse of its products.

Google said it had taken steps to protect users of its Android operating system and notified them of the spyware known as Hermit.

The global industry that makes spyware for governments has grown and more and more companies are developing law enforcement interception tools. Anti-surveillance activists accuse them of helping governments that in some cases use such tools to tackle human and civil rights.

The industry came to the fore worldwide when Israeli surveillance company NSO’s Pegasus spyware was used by multiple governments in recent years to spy on journalists, activists and dissidents.

While RCS Lab’s tool may not be as unobtrusive as Pegasus, it can still read messages and view passwords, says Bill Marczak, a security researcher at digital watchdog Citizen Lab.

“This shows that while these devices are ubiquitous, there is still a long way to go to secure them against these powerful attacks,” he added.

On its website, RCS Lab describes itself as a maker of “legal interception” technologies and services, including voice, data collection, and “tracking systems.” It says it handles 10,000 intercepted targets daily in Europe alone.

Google researchers found that RCS Lab had previously partnered with the controversial, defunct Italian spy company Hacking Team, which had similarly created surveillance software for foreign governments to wiretap phones and computers.

Hacking Team went bankrupt after it fell victim to a major hack in 2015 that led to the disclosure of numerous internal documents.

In some cases, Google said it believed hackers using RCS spyware were collaborating with the target’s Internet service provider, suggesting they had ties to government-backed actors, said Billy Leonard, a senior researcher at Google.

There is evidence that Hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.

Analysis from Hermit showed it could be used to take control of smartphones, record audio, route calls and collect data such as contacts, messages, photos and location, Lookout researchers said.

Google and Lookout noticed the spread of spyware by making people click on links in messages sent to targets.

“In some cases, we believe the actors collaborated with the target’s ISP (Internet Service Provider) to disable the target’s mobile data connection,” Google said.

“Once disabled, the attacker would send a malicious link via text message asking the target to install an application to restore their data connection.”

When not pretending to be a mobile Internet service provider, the cyber spies would send links masquerading as phone manufacturers or messaging applications to trick people into clicking, researchers said.

“Hermit deceives users by displaying the legitimate web pages of the brands it impersonates because it launches malicious activity in the background,” Lookout researchers said.

Google said it warned Android users who had been targeted by the spyware and stepped up its software defenses. Apple told AFP it has taken steps to protect iPhone users.

Google’s threat team is tracking more than 30 companies that sell surveillance capabilities to governments, according to Alphabet’s tech titan.

“The commercial spyware industry is thriving and growing at a significant rate,” Google said.

Leave a Comment