The surveillance industry is growing at a frenzied pace and this trend should worry all Internet users. Benoit Sevens and Clement Lecigne clearly state this in a detailed report where the two Google researchers denounce the use of Italian software to spy on Apple and Android users.
The report, published on Thursday, explicitly names the Italian company RCS Lab, whose tools were allegedly used to spy on the smartphones of users in Italy and Kazakhstan. The accusation is echoed by a second piece of research, published by the cybersecurity company Lookout, according to which: "Based on our analysis, the spyware, which we have called 'Hermit', is presumably developed by the Italian RCS Lab and by Tykelab Srl, a company that offers telecommunications solutions and which we suspect operates as a 'front company'." According to Lookout, the surveillance software was used by the Kazakh government.
According to Lookout, the Android version of the spyware can record audio, make and redirect phone calls, and collect call logs, contacts, photos, the device's location and SMS messages. According to the Google researchers, the spyware is distributed via WhatsApp and SMS messages that pretend to come from a legitimate source, such as a telecommunications company or a smartphone manufacturer, use the pretext of fixing a connectivity problem, and redirect the victims to fake support pages written in Italian.
How the malware is distributed
To distribute the malware capable of wiretapping iPhones, it appears that a digital certificate belonging to the Turin-based company 3-1 Mobile, which we contacted for comment, was used: Google's report describes the iOS app as signed with a certificate issued to that company under the Apple Developer Enterprise Program, which allows apps to be installed on devices outside the App Store and its review. For now there are two hypotheses, both still to be verified: either the certificate was stolen, or there is a collaboration between these companies.
According to Luca Sambucci, an expert in cybersecurity and artificial intelligence: "Digital certificates are a method for developers to sign software, so that its origin is clear. On the major operating systems, launching software without a digital signature would cause the program to stop running and trigger a system warning, which generally alerts users. Usually a digital certificate is acquired by the developer or by the company he works for. Keeping the private key that allows you to sign the software confidential is obviously a security imperative, since if it were stolen it could be used to sign third-party software, causing embarrassment and liability problems for the certificate's owners.
Several times in the past, groups of cyber criminals have already used stolen certificates to sign malware, as in the famous case of Stuxnet, where parts of the software were distributed using the digital signatures of major hardware manufacturers."
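As an added illustration of the point made in the quote above (this is not code from the original article, nor from any of the companies named in it), the following Go program models code signing with Ed25519 and a small trust store. The vendor name ("vendor-A"), the artifact format and the trust-store API are all invented for the example. It shows that a signature made with a stolen private key verifies exactly like a legitimate one, that signing protects only against tampering with the signed bytes, and that revoking the compromised certificate is what restores protection, at the price of also rejecting every legitimate build signed with that key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Artifact is a signed software package as a verifier receives it: the code
// bytes, the signature over them and the identity the signer claims. It is a
// deliberately minimal stand-in for a real code-signing format, constructed
// for this example only.
type Artifact struct {
	Name     string
	Payload  []byte
	SignerID string
	Sig      []byte
}

// TrustStore is the verifier's view: which signer IDs are enrolled (with which
// public key) and which have been revoked. It stands in for the OS certificate
// store plus a revocation mechanism such as a CRL or OCSP.
type TrustStore struct {
	keys    map[string]ed25519.PublicKey
	revoked map[string]bool
}

func NewTrustStore() *TrustStore {
	return &TrustStore{keys: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

// Enroll registers a signer's public key, the equivalent of a CA issuing a
// code-signing certificate to a developer.
func (t *TrustStore) Enroll(id string, pub ed25519.PublicKey) { t.keys[id] = pub }

// Revoke marks a signer's certificate as no longer trusted, e.g. after the
// private key is reported stolen.
func (t *TrustStore) Revoke(id string) { t.revoked[id] = true }

// Sign produces a signed artifact. Whoever holds priv can call this, which is
// exactly why a stolen key is dangerous: the signature says nothing about who
// actually used the key.
func Sign(priv ed25519.PrivateKey, signerID, name string, payload []byte) Artifact {
	return Artifact{Name: name, Payload: payload, SignerID: signerID, Sig: ed25519.Sign(priv, payload)}
}

// Verify applies the three checks a loader should make before running code:
// the signer is known, the signer is not revoked, and the signature is valid
// over the exact bytes about to run.
func (t *TrustStore) Verify(a Artifact) (bool, string) {
	pub, ok := t.keys[a.SignerID]
	if !ok {
		return false, "unknown signer"
	}
	if t.revoked[a.SignerID] {
		return false, "signer certificate revoked"
	}
	if !ed25519.Verify(pub, a.Payload, a.Sig) {
		return false, "signature does not match payload"
	}
	return true, "valid signature from " + a.SignerID
}

// StolenKeyScenario replays the situation described in the article with a
// hypothetical vendor ("vendor-A") and returns, for each step, whether the
// verifier accepted the artifact.
func StolenKeyScenario() (map[string]bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	store := NewTrustStore()
	store.Enroll("vendor-A", pub)
	results := map[string]bool{}

	// 1. The legitimate vendor signs its own app: accepted, as intended.
	legit := Sign(priv, "vendor-A", "vendor-app", []byte("constructed: legitimate app bytes"))
	results["legit"], _ = store.Verify(legit)

	// 2. An attacker holding the stolen private key signs spyware under the same
	//    identity. The signature is mathematically perfect, so the loader
	//    accepts it: signature validity is not trustworthiness.
	spyware := Sign(priv, "vendor-A", "spyware", []byte("constructed: spyware bytes"))
	results["spyware_stolen_key"], _ = store.Verify(spyware)

	// 3. Reusing a signature on modified bytes fails. This is what signing
	//    actually protects against: tampering, not the signer's intent.
	tampered := spyware
	tampered.Payload = append([]byte(nil), spyware.Payload...)
	tampered.Payload[0] ^= 0xff
	results["tampered"], _ = store.Verify(tampered)

	// 4. Once the theft is known, revoking the certificate is the remedy: it
	//    rejects the spyware, but also every legitimate build signed with that
	//    key, which is the "liability" cost mentioned in the quote.
	store.Revoke("vendor-A")
	results["spyware_after_revocation"], _ = store.Verify(spyware)
	results["legit_after_revocation"], _ = store.Verify(legit)
	return results, nil
}

func main() {
	res, err := StolenKeyScenario()
	if err != nil {
		panic(err)
	}
	for _, step := range []string{"legit", "spyware_stolen_key", "tampered", "spyware_after_revocation", "legit_after_revocation"} {
		fmt.Printf("%-26s accepted=%v\n", step, res[step])
	}
}
```

A real loader additionally checks the certificate chain, validity period and key usage, but none of those distinguish a stolen key from its rightful owner; only revocation does, and only if the loader actually consults the revocation source before running the code.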
The alarm of the European authorities
The alarm comes just as European and American regulators are evaluating potential new rules on the sale and import of spyware, spurred by Catalangate (the spying on Catalan pro-independence deputies and the political left) and by the confirmation that at least five European countries have used the Israeli Pegasus spyware.
Google’s complaint is harsh: “These vendors are allowing the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities internally.”
According to Bill Marczak, a security researcher at Citizen Lab, the tool Google spotted can still read messages and view passwords, and although Google has said it has taken steps to protect users of its Android operating system, "there is still a long way to go to protect users from these powerful attacks."
RCS Lab, the Italian company that ended up in the spotlight
We contacted RCS Lab for an explicit comment on the affair; the company has already told Reuters that it is not involved in the activities of its customers and that it condemns any abuse of its products. On its website, RCS Lab, based in the Caldera Business Park in Milan, presents itself as a producer of "lawful interception" technologies and services, including voice and data collection and "tracking systems", with 10,000 targets intercepted every day in Europe alone.
Google researchers, The Guardian also reports, found that RCS Lab had previously partnered with controversial Italian spy firm Hacking Team, which had created surveillance software to allow foreign governments to tap into phones and computers. Hacking Team went bankrupt after being the victim of a major hack in 2015 that led to the disclosure of numerous internal documents.
Google also said it believed hackers using RCS Lab spyware were working with the victims’ Internet service provider, which “suggests they had links to government-backed actors,” said Billy Leonard, senior researcher at Google.
"This is why when Google discovers these activities, we not only take steps to protect users, but we also publicly disclose that information to raise awareness and help the entire ecosystem, in line with our historic commitment to openness and democratic values."
The problem of spy software
In early February, the European Data Protection Supervisor called for a ban on the development and use of commercial spyware in Europe, saying that the technology's "unprecedented level of intrusiveness" could endanger users' right to privacy.
While some observers and analysts, such as Lior Tabansky of Tel Aviv University, believe that the surveillance industry is necessary to make our societies safer and that it is not fair to blame technology manufacturers for any abuse instead of demanding accountability from the government agencies that use it, Google's position is very different:
"These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities internally. Although the use of surveillance technologies may be legal under national or international laws, they are often used by governments for purposes antithetical to democratic values: targeting dissidents, journalists, human rights workers and opposition party politicians."
The two researchers also report that at least seven of the nine zero-day vulnerabilities discovered by their group in 2021 were tied to commercial surveillance vendors, and they make an important point: "Vendors who secretly stockpile zero-day vulnerabilities represent a serious risk to the Internet, especially if the vendor is compromised."
It is not stated explicitly, but the reference is to the Shadow Brokers' breach of the cyber arsenal of TAO, Tailored Access Operations, the NSA's offensive hacking unit: once disclosed, that arsenal made it possible, among other things, to use the EternalBlue exploit in the WannaCry attacks, the ransomware that in 2017 brought around 300,000 computers worldwide to their knees.
Sevens and Lecigne conclude with an appeal: "Addressing the harmful practices of the commercial surveillance industry will require a robust and comprehensive approach that includes cooperation between threat intelligence teams, network defenders, academic researchers, governments and technology platforms. We look forward to continuing our work in this space and promoting the safety and security of our users around the world."