Alphabet Inc’s Google stated in a report on Thursday, June 23 that smartphones of Android and Apple in Italy and Kazakhstan were hacked. Reportedly, hacking tools of Italian company RCS Lab were used to spy on them this week.
The website of the lab, which is based in Milan, claimed that that their clients included European law enforcement agencies. The report stated that they developed the tools in order to spy on contacts and private messages on the specified devices. For a while now, American and European regulators have been weighing potential new rules regarding the sale and import of such spyware.
In its report, Google stated how the company is ‘enabling the proliferation’ of such harmful hacking methods, and ‘arming governments’ which would are generallly unable to develop such ‘capabilities in house.’
Both Kazakhstan and Italian governments did not acknowledge requests for a comment on the situation However, a spokesperson from Apple said that they had ‘revoked’ all concerned accounts and certificates connected to this hacking incident. Moreover, the lab stated that its products and services were in compliance with European rules, and aid law enforcement agencies in investigation of crimes.
“RCS Lab personnel are not exposed, nor participate in any activities conducted by the relevant customers,” it said, adding it condemned any abuse of its products.
Moreover, Google stated that it implemented steps for the protection of its Android users, alerting them about this spyware. The emergence of the global industry developing spyware for governments, and companies making interception tools for law enforcement has been evident. Additionally, anti-surveillance activists alleged that provision of the help to governments is to use these tools to crack down on civil and human rights in some cases.
Particularly, this industry came under significant limelight when revelations about the Pegasus spyware of Israeli surveillance firm NSO came in front. In recent years, the spyware was discovered to have been under use by several governments to spy on activists, dissidents and journalists.
Though RCS Lab’s might not match Pegasus’ stealth, but it can read messages and see passwords. Security Researcher Bill Marczak at digital watchdog Citizen Lab revealed this aspect. Moreover, he stated how this incident reveals that though devices are ‘ubiquitous,’ still more security implementation is required to protect them from such attacks.
According to its website, the lab is a maker of ‘lawful interception’ services and technologies, and claims to handle 10,000 intercepted targets daily just in Europe. Moreover, researchers from Google discovered that RCS Lab had joined Italian spy firm Hacking Team before.
In certain cases, the search giant stated that it believed that hackers using RCS spyware worked with internet service provider of the devices. Clearly, this shows that they had links to government-backed actors, according to Google’s senior researcher Billy Leonard.