Pegasus row: WhatsApp told govt in Sept that 121 Indian users possibly compromised

WhatsApp had written to CERT-In on May 20 that it had fixed a vulnerability now known to have been caused by Pegasus, the malware developed by Israel tech firm NSO Group.
Pegasus row: WhatsApp told govt in Sept that 121 Indian users possibly compromised
Pegasus row: WhatsApp told govt in Sept that 121 Indian users possibly compromised
Written by:

The Ministry of Electronics and Information Technology (MeitY) was informed in September by WhatsApp that snooping attempts may have been made on 121 Indian users, the ministry informed the Lok Sabha on Wednesday. The ministry was posed the question by AIMIM MPs Asaduddin Owaisi and Syed Imtiaz Jaleel.

In its response, the MeitY said that the Indian Computer Emergency Response Team (CERT-In), the nodal agency for cyber crime, published a vulnerability note pertaining to WhatsApp on May 17. According to the ministry, the note advised countermeasures to users regarding a vulnerability on the messaging app. An archived version of this note published by the government suggests upgrading to the latest version of WhatsApp.

Following this, the government said that WhatsApp responded on May 20 informing that it had fixed a vulnerability “that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks.”

Further, the government said that WhatsApp wrote back to CERT-In on September 5 with an update which added that “devices of approximately one hundred and twenty one users in India may have been attempted to be reached.”

However, it was only after news broke on October 31 that phones of Indian users had been targeted with the help of the Pegasus malware that CERT-In issued a notice to WhatsApp. Electronics & Information Technology Minister Ravi Shankar Prasad in his statement on October 31, however, said that the government had asked WhatsApp to “explain the kind of breach and what is it doing to safeguard the privacy of millions of Indian citizens”.

The government’s response comes on the day the Parliamentary Standing Committee on Information Technology will meet to seek a response from the MeitY, the Ministry of Home Affairs and the Department of Atomic Energy on citizens' data security and privacy, according to IANS.

The panel, headed by Congress leader and MP Shashi Tharoor, will take up the WhatsApp snooping case in this regard. Tharoor is learnt to have told the panel members that alleged use of technology for snooping on Indian citizens was a matter of "grave concern".

17 activists, lawyers, researchers and others out of the 22 who were informed that their phones had been compromised through the malware attack wrote to the parliamentary panel, asking it to summon the relevant government departments to ask them eight specific questions pertaining to Pegasus and the surveillance on Indian citizens.

The questions they posed are— which agencies are carrying out targeted and unauthorised surveillance, if sections of the state/central government are involved in deploying the Pegasus malware, if public money has been used for it, if central agencies are aware about NSO Group (the Israeli firm believed to be behind the technology) employees and operatives in the country, the individuals under surveillance by Central or state agencies, what steps are being taken to book the people involved and repair breaches, and for the details of all those authorised to carry out surveillance in accordance with legal provisions.

WhatsApp is currently suing the NSO Group, an Israeli surveillance firm, which made the technology, Pegasus, that helped unnamed entities hack into phones of roughly 1,400 users worldwide. 

Minister Ravi Shankar Prasad has asked WhatsApp for a report on the allegations.

WhatsApp has over 1.5 billion users globally, of which India accounts for about 400 million.

With IANS inputs

Related Stories

No stories found.
The News Minute
www.thenewsminute.com