Apple and Android phones hacked by Italian spyware, says Google | Hacking

Hacking tools from an Italian company have been used to spy on Apple and Android smartphones in Italy and Kazakhstan, Alphabet Inc’s Google said in a new report.

Milan-based RCS Lab, whose website claims European law enforcement as clients, has developed tools to spy on private messages and contacts from targeted devices, the report said.

European and American regulators are considering potential new rules on the sale and import of spyware.

“These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities internally,” said Google.

The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesperson said the company revoked all known accounts and certificates associated with this hacking campaign.

RCS Lab said its products and services comply with European standards and help law enforcement investigate crimes.

“RCS Lab personnel are not exposed to, nor participate in, any activity conducted by affected customers,” he told Reuters in an email, adding that he condemned any abuse of its products.

Google said it has taken steps to protect users of its Android operating system and warned them of spyware, known as Hermit.

The global industry of spyware for governments is growing, with more and more companies developing eavesdropping tools for law enforcement. Anti-surveillance activists accuse them of helping governments which in some cases use such tools to crack down on human rights and civil rights.

The industry was in the global spotlight when it was discovered in recent years that Pegasus spyware from Israeli surveillance firm NSO has been used by multiple governments to spy on journalists, activists and dissidents.

While RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and view passwords, said Bill Marczak, a security researcher with the Citizen Lab digital watchdog.

“This shows that even though these devices are ubiquitous, there is still a long way to go to protect them from these powerful attacks,” he added.

On its website, RCS Lab describes itself as a manufacturer of “legal interception” technologies and services including voice, data collection and “tracking systems”. It says it manages 10,000 targets intercepted every day in Europe alone.

Google researchers found that RCS Lab had previously partnered with the controversial and defunct Italian spy firm Hacking Team, which had similarly created surveillance software to allow foreign governments to tap into phones and computers.

Hacking Team went bankrupt after being the victim of a major hack in 2015 that led to the disclosure of numerous internal documents.

In some cases, Google said it believed hackers using RCS spyware were working with the target ISP, suggesting they had links to government-backed actors, said Billy Leonard, a senior researcher at Google.

Evidence suggests Hermit was used in a predominantly Kurdish region of Syria, the mobile security company said.

Hermit’s analysis showed that it can be employed to gain control of smartphones, record audio, redirect calls and collect data such as contacts, messages, photos and location, the Lookout researchers said.

Google and Lookout have noticed that spyware spreads by tricking people to click on links in messages sent to targets.

“In some cases, we believe the actors have partnered with the target’s Internet Service Provider (ISP) to disable the target’s mobile data connectivity,” said Google.

“Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover data connectivity.”

When they weren’t masquerading as mobile Internet service providers, cyber spies would send links pretending to come from phone makers or messaging applications to trick people into clicking, the researchers said.

“Eremita tricks users by serving the legitimate web pages of the brands it impersonates while initiating malicious activities in the background,” said the Lookout researchers.

Google said it warned Android users targeted by spyware and stepped up the software’s defenses. Apple told AFP that it has taken steps to protect iPhone users.

Google’s threat team is monitoring more than 30 companies that sell surveillance capabilities to governments, according to the tech titan owned by Alphabet.

“The commercial spyware industry is thriving and growing at a significant pace,” said Google.

Leave a Comment