Smartphones powered by two of the world’s most popular operating systems iOS and Android were both hacked using an Italian company’s hacking technology in both Italy and Kazakhstan noted Google in a report on Thursday.
RCS Lab is a Milan-based tech company that developed tools to spy on private messages and contacts of the targeted devices according to a report. The company’s website has European law enforcement agencies as clients.
European and American regulators have been weighing potential new rules over the sale and import of spyware.
“These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,” Google said.
Neither of the governments of Italy and Kazakhstan responded to requests for comment while an Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign.
RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes.
“RCS Lab personnel are not exposed, nor participate in any activities conducted by the relevant customers,” it told Reuters in an email, adding it condemned any abuse of its products.
Google on the other hand says it had taken steps to protect Android OS users and alerted them about the spyware. The global industry making spyware for governments has increased in recent years with more companies developing interception tools for law enforcement agents.
Anti-surveillance activists accuse them of aiding governments in some cases using such tools to crack down on human rights and civil rights.
Google said it had taken steps to protect users of its Android operating system and alerted them about the spyware.
Companies as such have come under great spotlight since the Israeli surveillance company NSO’s Pegasus spyware was found to have been used by multiple governments across the globe to spy on journalists, activists, and dissidents.
While RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and view passwords, said Bill Marczak, a security researcher with digital watchdog Citizen Lab.
“This shows that even though these devices are ubiquitous, there’s still a long way to go in securing them against these powerful attacks,” he added.
On its website, RCS Lab describes itself as a maker of “lawful interception” technologies and services including voice, data collection, and “tracking systems.” It says it handles 10,000 intercepted targets daily in Europe alone.
In fact, Google found in a research that RCS Lab had previously collaborated with he controversial, defunct Italian spy firm Hacking Team which had similarly created surveillance software for foreign governments in order to tap into phones and computers of private individuals.
The Hacking Team went bust after it became a victim of a major hack in 2015 that led to a disclosure of numerous internal documents. Google also noted that hackers using RCS spyware worked with the target’s internet service provider which suggests they had ties to government-backed actors, said Billy Leonard, a senior researcher at Google.