On Thursday, Alphabet Inc’s Google said that an Italian company’s hacking tools were used to spy on Apple Inc and Android handsets in Italy and Kazakhstan.
According to the article, the Milan-based RCS Lab, whose website lists European law enforcement agencies as clients, built tools to eavesdrop on the targeted devices’ private communications and contacts.
European and American regulators are considering new laws governing the sale and import of spyware.
Google stated, “These vendors are facilitating the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house.”
The governments of Italy and Kazakhstan did not reply to demands for comment right away. According to an Apple spokesman, the company has cancelled all known accounts and certificates linked to this hacking activity.
RCS Lab claims that its products and services conform with European regulations and help law enforcement organisations in their investigations.
“RCS Lab workers are not exposed, nor do they participate in any operations done by the relevant customers,” the company told Reuters in an email, adding that any misuse of its goods was unacceptable.
Google said it had taken precautions to protect Android users and had informed them about the spyware.
The global spyware market is expanding, with more companies producing intercepting technologies for law enforcement. Anti-surveillance campaigners accuse them of assisting governments, which sometimes employ such instruments to suppress human and civil rights.
The sector was thrust into the spotlight in recent years after the Israeli espionage firm NSO’s Pegasus spyware was discovered to have been used by several countries to spy on journalists, activists, and dissidents.
While RCS Lab’s programme isn’t as covert as Pegasus, it can still read messages and view passwords, according to Bill Marczak, a security researcher at Citizen Lab.
“This demonstrates that, despite their pervasiveness, there is still a long way to go in securing them against these potent attacks,” he noted.
RCS Lab promotes itself on its website as a provider of “lawful interception” technology and services such as voice, data gathering, and “tracking systems.” It claims to detect 10,000 targets per day in Europe alone.
RCS Lab had previously partnered with the controversial, defunct Italian spy business Hacking Team, which had also produced spying software for foreign governments to get into phones and computers, according to Google researchers.
Hacking Team went bankrupt after being the subject of a significant attack in 2015, which resulted in the publication of countless internal documents.
In certain cases, Google stated that it thought hackers using RCS spyware collaborated with the target’s internet service provider, implying ties to government-backed actors, according to Billy Leonard, a senior researcher at Google.
