[ad_1]
Google has warned of spyware being used by foreign governments to hack into Apple and Android phones and snoop on users’ activities.
The offending ‘spyware’ – software that steals information from a device – was created by Milan-based company RCS Lab, Google and security firm Lookout have revealed.
RCS Lab spyware has allegedly been used by the Italian and Kazakhstani governments to spy on private messages and contacts stored on their citizens’ smartphones.
However, the spyware is potentially capable of spying on a victim’s browser, camera, address book, clipboard and chat apps too.
RCS Lab is an example of a ‘lawful intercept’ company that claims to only sell to customers with legitimate use for surveillance, such as intelligence and law enforcement agencies.
But in reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials, security experts say.
Spyware is a specific type of malware that steals information from a computer and sends it to a third party, without the person’s knowledge (file photo)
It’s thought RCS Lab’s spyware, nicknamed ‘Hermit’, is distributed via SMS messages that appear to come from legitimate sources.
It tricks users by serving up what looks like legitimate webpages of high-profile brands as it kickstarts malicious activities in the background.
In some cases, citizens were sent SMS messages asking them to install an application to fix their slow mobile connectivity – when in fact, doing so installed the spyware.
In these cases, attackers managed to get the victim’s internet service provider (ISP) to slow down their connectivity, Google said, to make it seem like a legitimate message.
In other cases, citizens were sent links to a webpage that was masquerading as a high profile tech company, such as Facebook.
As an example, Google posted a screenshot from one of the attacker controlled sites, www.fb-techsupport.com, intended to impersonate Facebook’s support team (the webpage no longer exists).
In Italian, it told victims that their accounts had been suspended and they they needed to download an application to restore the account.
Google said it had taken steps to protect users of its Android operating system and alert them about the spyware.
Apple and the governments of Italy and Kazakhstan did not immediately respond to requests for comment.
Screenshot posted by Google, which translates from Italian as: ‘Suspended account reset. Download and install, following the instructions on the screen, the application for verifying and restoring your suspended account. At the end of the procedure you will receive an unlock confirmation SMS’
Google said the commercial spyware industry is ‘thriving’ and ‘growing at a significant rate’ – a trend that ‘should be concerning to all internet users’.
‘These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,’ Benoit Sevens and Clement Lecigne from Google’s Threat Analysis Group said in a blog post.
‘While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values – targeting dissidents, journalists, human rights workers and opposition party politicians.’
On its website, RCS Lab claims European law enforcement agencies as some of its clients and describes itself as a maker of ‘lawful interception’ technologies and services including voice, data collection and ‘tracking systems’.
It says it handles 10,000 intercepted targets daily in Europe alone.
In response to Google’s findings, RCS Lab said its products and services comply with European rules and help law enforcement agencies investigate crimes.
‘RCS Lab personnel are not exposed, nor participate in any activities conducted by the relevant customers,’ it told Reuters, adding that it condemned any abuse of its products.
Google published its blog post on Thursday, a few weeks after San Francisco-based Lookout detailed its own findings.
According to Lookout, the RCS Lab spyware has been used by the government of Kazakhstan within its borders and has been used by Italian authorities in an anti-corruption operation in 2019.
‘We also found evidence suggesting that an unknown actor used it in northeastern Syria, a predominantly Kurdish region that has been the setting of numerous regional conflicts,’ Lookout said.
Google also found RCS Lab had previously collaborated with the controversial, defunct Italian spy firm Hacking Team, which had similarly created surveillance software for foreign governments to tap into phones and computers.
Hacking Team went bust after it became a victim of a major hack in 2015 that led to a disclosure of numerous internal documents.
The new findings on RCS Lab comes as European and US regulators weigh potential new rules over the sale and import of spyware.
The global industry making spyware for governments has been growing, with more and more companies developing interception tools for law enforcement organisations.
Anti-surveillance activists accuse them of aiding governments that in some cases are using such tools to crack down on human rights and civil rights.
Concerns over spyware were fuelled by media outlets reporting last year that Israeli firm NSO’s Pegasus tools were used by governments to spy on journalists, activists and dissidents.
Vendors of so-called ‘lawful intercept’ spyware, such as RCS Lab and NSO, usually claim to only sell to entities that have a legitimate use for surveillanceware such as police forces fighting organised crime or terrorism, Lookout says. However, there have been many reports, especially in recent years, of spyware being misused (file photo)
‘They claim to only sell to customers with legitimate use for surveillanceware, such as intelligence and law enforcement agencies,’ mobile cybersecurity specialist Lookout said of companies like NSO and RCS Lab.
‘In reality, such tools have often been abused under the guise of national security to spy on business executives, human rights activists, journalists, academics and government officials.’
While RCS Lab’s tool may not be as stealthy as Pegasus, it can still read messages and view passwords, said Bill Marczak, a security researcher with digital watchdog Citizen Lab.
‘This shows that even though these devices are ubiquitous, there’s still a long way to go in securing them against these powerful attacks,’ Marczak said.
[ad_2]
Source link