Google has identified spyware and hacking tools owned by an Italian vendor that was used to spy on Apple iPhones and Android smartphones. In a report shared on June 23, the search engine giant said it has been tracking the activities of commercial spyware vendors for years. The Italian company identified by Google is RCS Labs, which uses a combination of tactics, including atypical drive-by downloads as initial infection vectors, to target mobile users on both iOS and Android operating systems. The identified victims were located in Italy and Kazakhstan.
“Seven of the nine zero-day vulnerabilities our Threat Analysis Group discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors. TAG is actively tracking more than 30 vendors with varying levels of sophistication and public exposure selling exploits or surveillance capabilities to government-backed actors,” Benoit Sevens and Clement Lecigne, Threat Analysis Group, Google, wrote in a blog post.
“These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house. While use of surveillance technologies may be legal under national or international laws, they are often found to be used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians,” Sevens and Lecigne added.
The company noted that once it discovers these activities, it not only takes steps to protect users, but also discloses that information publicly to raise awareness and help the entire ecosystem, in line with its commitment to openness.
Meanwhile, an Apple spokesperson was quoted as saying by news agency Reuters that the company has revoked all known accounts and certificates involved in the hacking campaign.