As part of Google’s efforts to track the activities of commercial spyware vendors, the company’s Threat Analysis Group (TAG) on Thursday released a report on spyware campaigns targeting Android and iOS users.
Google TAG researchers Benoit Sevens and Clement Lecigne detail the use of enterprise-grade spyware called “Hermit”. This sophisticated spyware tool allows attackers to steal data and private messages and to make phone calls. In their report, TAG researchers attributed Hermit to RCS Labs, a commercial spyware vendor based in Italy.
Hermit poses a number of significant dangers. Due to its modularity, Hermit is highly customizable, allowing the functions of the spyware to be changed according to the wishes of its user. Once fully installed on the target’s phone, it lets attackers harvest sensitive information such as call logs, contacts, photos, exact locations and SMS messages.
The full report by Sevens and Lecigne details the ways in which attackers can access both Android and iOS devices through the use of clever tricks and drive-by attacks. Potential targets have their mobile data disabled through their ISP carrier, after which the attackers send a malicious link via text to ‘fix’ the problem. If that doesn’t work, the target is tricked into downloading a malicious application masquerading as a messaging application.
Spyware designed to track terrorists was also used against journalists and activists
Just last week, cybersecurity firm Lookout reported on Hermit’s use by agents working in the governments of Kazakhstan, Syria and Italy. Google has already identified victims in these countries, stating that “TAG is actively tracking more than 30 vendors selling exploits or surveillance capabilities to government-backed actors with varying levels of sophistication and public exposure.”
The Milan-based RCS Labs claims to have “provided state-of-the-art technical solutions and technical support in the field of lawful interception for over twenty years to law enforcement agencies around the world.” In Europe alone, it is estimated to handle more than 10,000 intercepted targets daily.
When reached for comment by The Hacker News, RCS Labs said that its “core business is the design, production and implementation of dedicated software platforms for lawful interception, forensic intelligence, and data analysis” and that it is supporting law enforcement to “prevent and investigate serious crimes such as terrorism, drug trafficking, organized crime, child abuse and corruption.”
Still, the news of spyware being used by state government agents is worrying. Not only does this erode confidence in the security of the Internet, but it also puts at risk the lives of anyone the government considers an enemy of the state, such as dissidents, journalists, human rights activists and opposition party politicians.
“Tackling the harmful practices of the commercial surveillance industry will require a robust, comprehensive approach that includes collaboration between threat intelligence teams, network defenders, academic researchers, governments and technology platforms,” the Google TAG researchers wrote. “We look forward to continuing our work in this space and advancing the safety and security of our users around the world.”