Canada Markets closed

Spyware Vendors Hawking Zero-Day Flaws Uncovered by Google

  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
·2 min read
In this article:
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.

(Bloomberg) -- A new report from Google finds that most of the zero-day vulnerabilities its researchers discovered last year were being exploited by commercial surveillance vendors and that sell the tools to governments to surreptitiously monitor their citizens.

Most Read from Bloomberg

Alphabet Inc.’s Google said on Thursday that it has been tracking more than 30 firms with “varying levels of sophistication and public exposure” that sold software exploits or surveillance capabilities.

Seven out of nine zero-day vulnerabilities that Google found in 2021 were being developed by commercial providers and “sold to and used by government-backed actors,” the company said. Zero-days flaws are issues in software that hackers and spyware vendors can exploit until a patch is provided by the developer.

Google also said software made by RCS Lab S.p.A. was able to infect mobile phones — running Apple’s iOS or Google’s Android operating system — and snoop on users in Italy and Kazakhstan. Google’s findings follow those last week from the cyber firm Lookout Inc., which said “Hermit” spyware was likely developed by RCS.

"Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits," the Google researchers warned in a blog post that also shared snippets of the code. "This makes the internet less safe and threatens the trust on which users depend."

In a statement, RCS said it abides by government regulations and has long served law enforcement customers.

"Our products are delivered and installed within the premises of approved customers," the company said. "RCS Lab strongly condemns any abuse or improper use of its products which are designed and produced with the intent of supporting the legal system in preventing and combating crime."

Most Read from Bloomberg Businessweek

©2022 Bloomberg L.P.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting