(San Francisco) Software from an Italian firm specializing in communications surveillance has been used to hack into smartphones to spy on users in Italy and Kazakhstan, according to Google, which condemns a “thriving” spyware industry.
Posted at 4:01 p.m.
“These companies facilitate the proliferation of dangerous hacking tools and arm governments that might not otherwise be able to develop these skills,” the tech giant said in a statement Thursday.
Google engineers explain that the victims, users of smartphones running Android (Google) and iOS (Apple), received a link to install malicious applications, which then allow them to spy on their activity on their mobile or extract documents.
In some cases, hackers act with the complicity of internet providers, and the applications resemble those of the operators. Otherwise they pretend to be messengers, like WhatsApp.
According to Google, the software used is that of RCS Lab, an Italian company that “provides advanced technological solutions to security services for communication surveillance”, according to its website. She did not immediately react to a request from AFP.
The California-based group, which has identified victims in Italy and Kazakhstan, says it warned users of infected Android devices and “made changes” to protect all users.
Apple, for its part, told AFP that it had also taken measures against hackers.
In September, the iPhone manufacturer had to urgently repair a computer flaw that Pegasus, the spyware from the Israeli company NSO, was able to exploit to infect the brand’s smartphones without even having recourse to links or trapped buttons.
According to several associations that brought the mass espionage scandal to light via Pegasus last July, tens of thousands of phones have been infected, including those of members of the French government.
Google engineers, who track more than 30 companies in the industry, say the spyware industry is “thriving and growing rapidly.”
“Our research shows the extent to which spyware vendors have propagated these tools, which were historically used only by governments,” they explain. “It makes the internet less secure and threatens the trust users need.”
They also point out that these tools, even legal under international law, are often used by governments for undemocratic purposes, in particular to target political activists, journalists or human rights defenders.