According to a study released on Thursday by Alphabet Inc.’s Google, a hacking tool developed in Italy was used to spy on Apple Inc. and Android handsets in Kazakhstan and Italy.
The article said that RCS Lab, a Milan-based company whose website lists European law enforcement agencies as clients, created tools to spy on the private messages and contacts of the targeted devices.
Regulators in Europe and America have been considering possible updates to the laws governing the sale and import of spyware.
Google said that “these suppliers are encouraging the spread of harmful hacking tools and empowering countries that would not be able to acquire these capabilities internally.”
Requests for reaction from the governments of Italy and Kazakhstan did not immediately receive a response. Apple has invalidated all known accounts and certificates connected to this hacking attempt, according to a company spokeswoman.
According to RCS Lab, its goods and services are compliant with European regulations and support criminal investigations by law enforcement.
In an email to the media, RCS Lab stated that its employees were not exposed to any actions that the pertinent clients were conducting and that they did not take part in them. It also strongly opposed any misuse of its goods.
Google said that it had taken precautions to safeguard Android users and had informed them about the malware.
More businesses are creating intercepting tools for law enforcement, fueling a worldwide sector that produces malware for governments. The use of such instruments by some governments to repress civil and human rights is accused by anti-surveillance groups.
When Pegasus malware from the Israeli espionage company NSO was recently discovered to have been utilized by several countries to spy on journalists, activists, and dissidents, the sector came under intense international scrutiny.
According to Bill Marczak, a security researcher with online watchdog Citizen Lab, RCS Lab’s program may still read communications and examine passwords even if it may not be as covert as Pegasus.
This demonstrates that despite the widespread use of these devices, much work has to be done to protect them from such potent attacks, he continued.
RCS Lab markets “lawful interception” products and services, including as voice, data gathering, and “tracking systems,” on its website. It claims to manage 10,000 intercepted targets every day in only Europe.
Researchers from Google discovered that RCS Lab had previously worked with the infamous, now-defunct Italian spy agency Hacking Team, which had developed similar monitoring software for other countries to eavesdrop on people’s phones and computers.
After becoming the target of a significant attack in 2015 that resulted in the release of countless internal documents, Hacking Team filed for bankruptcy.
Billy Leonard, a senior researcher at Google, claimed that in certain instances, the company thought that hackers using RCS spyware collaborated with the target’s ISP, suggesting that they had connections to perpetrators with government backing.