The hacking tools of an Italian company were used to spy on Apple and Android handsets in Italy and Kazakhstan, Alphabet’s Google reported on Thursday.
According to the article, the Milan-based RCS Lab, whose website lists European law enforcement agencies as clients, built tools to eavesdrop on the targeted devices’ private communications and contacts.
Google’s RCS Lab findings come as European and American regulators consider proposed new restrictions governing the sale and import of spyware.
“These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” Google said.
Apple, as well as the governments of Italy and Kazakhstan, did not reply quickly to demands for comment.
According to RCS Lab, its products and services are compliant with European regulations and aid law enforcement organisations in their investigations.
“RCS Lab personnel are not exposed, nor participate in any activities conducted by the relevant customers,” it told Reuters in an email, adding that it condemned any abuse of its products.
Google said it had taken precautions to protect Android users and had informed them about the spyware.
The global spyware market for governments is expanding, with more and more companies developing intercepting tools for law enforcement agencies. Anti-surveillance campaigners accuse them of assisting governments that, in some situations, utilise such tools to repress human and civil rights.
The sector was thrust into the spotlight in recent years after the Israeli espionage firm NSO’s Pegasus spyware was discovered to have been used by several countries to spy on journalists, activists, and dissidents.
While RCS Lab’s programme isn’t as covert as Pegasus, it can still read messages and view passwords, according to Bill Marczak, a security researcher at Citizen Lab.
“This shows that even though these devices are ubiquitous, there’s still a long way to go in securing them against these powerful attacks,” he added.
RCS Lab promotes itself on its website as a provider of “lawful interception” technology and services such as voice, data gathering, and “tracking systems.” It claims to detect 10,000 targets per day in Europe alone.
RCS Lab had previously partnered with the controversial, defunct Italian spy business Hacking Team, which had also produced spying software for foreign governments to get into phones and computers, according to Google researchers.
Hacking Team went bankrupt after being the subject of a significant attack in 2015, which resulted in the publication of countless internal documents.
In certain cases, Google stated that it thought hackers using RCS spyware collaborated with the target’s internet service provider, implying ties to government-backed actors, according to Billy Leonard, a senior researcher at Google.
(Adapted from CNBCTV18.com)