Spyware Vendors Hawking Zero-Day Flaws Uncovered by Google
(Bloomberg) -- A new report from Google finds that most of the zero-day vulnerabilities its researchers discovered last year were being exploited by commercial surveillance vendors that sell the tools to governments to surreptitiously monitor their citizens.
Alphabet Inc.’s Google said on Thursday that it has been tracking more than 30 firms with “varying levels of sophistication and public exposure” that sold software exploits or surveillance capabilities.
Seven out of nine zero-day vulnerabilities that Google found in 2021 were being developed by commercial providers and “sold to and used by government-backed actors,” the company said. Zero-day flaws are issues in software that hackers and spyware vendors can exploit until a patch is provided by the developer.
Google also said software made by RCS Lab S.p.A. was able to infect mobile phones — running Apple’s iOS or Google’s Android operating system — and snoop on users in Italy and Kazakhstan. Google’s findings follow those last week from the cyber firm Lookout Inc., which said “Hermit” spyware was likely developed by RCS.
"Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits," the Google researchers warned in a blog post that also shared snippets of the code. "This makes the internet less safe and threatens the trust on which users depend."
In a statement, RCS said it abides by government regulations and has long served law enforcement customers.
"Our products are delivered and installed within the premises of approved customers," the company said. "RCS Lab strongly condemns any abuse or improper use of its products which are designed and produced with the intent of supporting the legal system in preventing and combating crime."
©2022 Bloomberg L.P.