EXECUTIVE SUMMARY:

Google has issued an alert concerning government-grade spyware on phones. The company warns that select international governments are leveraging this technology to hack into iOS and Android phones for surveillance purposes.

The spyware in question was developed by RCS Lab, a Milan-based ‘lawful intercept’ company. ‘Lawful intercept’ means that RCS Lab can only sell to customers with ‘legitimate use’ for surveillance tech, such as intelligence and law enforcement agencies.

Nonetheless, these types of spyware tools can be used to spy on journalists, academics, government officials, business executives and others.

Hermit spyware victims

The spyware, dubbed “Hermit,” has victims in Kazakhstan, Italy and Syria, according to Google and third-party researchers.

How Hermit spyware works

On iOS devices, the Hermit app abuses Apple enterprise developer certificates and contains six different exploits. Two of these exploits are never-before-seen zero-days. Apple knew that one of these zero-days was under active exploitation before it was fixed.

Collaboration with ISPs

In some instances, spyware owners have worked with a target’s internet service provider (ISP) to disable a target’s mobile connectivity. Afterwards, the spyware owner sends the target an app that promises to help recover internet connectivity. The app contains the spyware.

More distribution methods

The spyware is also commonly distributed via text messages that appear to come from legitimate sources, such as high-profile brands like Facebook. As users peruse the pages, malicious activity starts up in the background.

Hermit spyware capabilities

Hermit spyware has capabilities that allow it to record voices, access a victim’s camera, burrow through the address book, pinch data from the clipboard, snoop on chats in apps, and track individuals via tracking systems.

Addressing spyware

Google tracks more than 30 different spyware makers that render services to government-backed clients.

According to spokespersons with Google, the company has taken steps to protect users of its Android operating system. It is alerting affected consumers about Hermit. The precise number of consumers that the company is notifying remains unknown.

Google says that the commercial spyware industry is ‘thriving’ and growing at a significant rate, which it calls ‘concerning’ for all internet users. “…we have seen the industry rapidly expand from a few vendors to an entire ecosystem,” threat analysts noted.

In response to Google’s analysis, RCS Lab states that its products and services comply with European rules and enable law enforcement agencies to thoroughly investigate crimes. The company condemns abuse of its products.

Hermit spyware: App stores

Researchers say that neither the Android nor the iOS version of the Hermit spyware has been found in the app stores. Google states that it has updated Google Play Protect, the app security scanner within Android, in order to prevent the Hermit app from running.

Extended implications

The prevalence of the Hermit spyware and the NSO Group’s Pegasus spyware helps reveal the extent of government-backed surveillance under the guise of legitimate interests. While spyware use is often legal, it has previously been linked to unethical, anti-democratic initiatives and human rights abuses.
