Apple and Android phones hacked by Italian spyware, Google says

A man holds a laptop as cyber code is projected onto him in this illustration photo, taken May 13, 2017. REUTERS/Kacper Pempel

Register now for FREE unlimited access to Reuters.com

SAN FRANCISCO, June 23 (Reuters) – An Italian company’s hacking tools were used to spy on Apple Inc (AAPL.O) and Android smartphones in Italy and Kazakhstan, Google of Alphabet Inc (GOOGL.O) said in a report on Thursday.

Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, has developed tools to spy on private messages and contacts from the targeted devices, the report said.

European and US regulators have weighed up possible new rules on the sale and import of spyware.

Register now for FREE unlimited access to Reuters.com

“These vendors enable the proliferation of dangerous hacking tools and arm governments that could not develop these capabilities internally,” Google said.

The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign.

RCS Lab said its products and services comply with European regulations and help law enforcement agencies investigate crimes.

“The RCS Lab staff will not be exposed to or participate in activities conducted by the relevant customers,” it told Reuters in an email, adding that it condemned any misuse of its products.

Google said it had taken steps to protect users of its Android operating system and notified them of the spyware.

The global industry that makes spyware for governments has grown and more and more companies are developing law enforcement interception tools. Anti-surveillance activists accuse them of helping governments that in some cases use such tools to tackle human and civil rights.

The industry came to the fore worldwide when Israeli surveillance company NSO’s Pegasus spyware was used by multiple governments in recent years to spy on journalists, activists and dissidents.

While RCS Lab’s tool may not be as unobtrusive as Pegasus, it can still read messages and view passwords, says Bill Marczak, a security researcher at digital watchdog Citizen Lab.

“This shows that while these devices are ubiquitous, there is still a long way to go to secure them against these powerful attacks,” he added.

On its website, RCS Lab describes itself as a maker of “legal interception” technologies and services, including voice, data collection and “tracking systems”. It says it handles 10,000 intercepted targets daily in Europe alone.

Google researchers found that RCS Lab had previously partnered with the controversial, defunct Italian spy company Hacking Team, which had similarly created surveillance software for foreign governments to wiretap phones and computers.

Hacking Team went bankrupt after it fell victim to a major hack in 2015 that led to the disclosure of numerous internal documents.

In some cases, Google said it believed hackers using RCS spyware were collaborating with the target’s Internet service provider, suggesting they had ties to government-backed actors, said Billy Leonard, a senior researcher at Google.

Register now for FREE unlimited access to Reuters.com

Reporting by Zeba Siddiqui in San Francisco; adaptation by Jonathan Oatis and David Gregorio

Our Standards: The Thomson Reuters Trust Principles.

Leave a Comment

Your email address will not be published.