Google : Apple, Android phones targeted by Italian spyware


Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, developed tools to spy on private messages and contacts of the targeted devices, Google's report showed.

An Italian company’s hacking tools were used to spy on Apple Inc and Android smartphones in Italy and Kazakhstan, Alphabet Inc’s Google said in a report on Thursday. Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, developed tools to spy on private messages and contacts of the targeted devices, the report said.

Google’s findings on RCS Lab comes as European and American regulators weigh potential new rules over the sale and import of spyware.

RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes. “RCS Lab personnel are not exposed, nor participate in any activities conducted by the relevant customers,” it told Reuters in an email, adding that it condemned any abuse of its products.

Google said it had taken steps to protect users of its Android operating system and alerted them about the spyware.

The global industry making spyware for governments has been growing, with more and more companies developing interception tools for law enforcement organizations. Anti-surveillance activists accuse them of aiding governments that in some cases are using such tools to crack down on human rights and civil rights.

The industry came under a global spotlight when the Israeli surveillance firm NSO’s Pegasus spyware was in recent years found to have been used by multiple governments to spy on journalists, activists, and dissidents.

While RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and view passwords, said Bill Marczak, a security researcher with digital watchdog Citizen Lab.

RCS Lab describes itself as a maker of “lawful interception” technologies and services including voice, data collection and “tracking systems.” It says it handles 10,000 intercepted targets daily in Europe alone.

Google researchers found RCS Lab had previously collaborated with the controversial, defunct Italian spy firm Hacking Team, which had similarly created surveillance software for foreign governments to tap into phones and computers.

In some cases, Google said it believed hackers using RCS spyware worked with the target’s internet service provider, which suggests they had ties to government-backed actors, said Billy Leonard, a senior researcher at Google.