Just yesterday, we reported that WhatsApp sued Israeli firm NSO Group for spying on Indian journalists, and activists. Following this, the Indian government asked WhatsApp to explain the nature of a privacy breach on the app. The company said it agrees with the strong demand made by the government to explain the kind of breach to safeguard the privacy of millions of users. In India, WhatsApp reportedly has around 400 million users.
IT Minister Ravi Shankar Prasad said on Thursday that the government “is concerned at the breach of privacy of citizens of India on the messaging platform WhatsApp.” “That is why we’ve taken this strong action to hold cyber attackers accountable. WhatsApp is committed to the protection of all user messages through the product we provide,” a WhatsApp spokesperson said.
The Home Ministry also issued a separate statement on the WhatsApp controversy, saying the government “is committed to protect the fundamental rights of citizens, including the right of privacy and will take strict action against any intermediary responsible for breach of privacy.”
WhatsApp: NSO Group attack details
As per a report, a spokesperson from WhatsApp confirmed that NSO Group used Pegasus to monitor Indians. These include about two dozen academics, lawyers, journalists, and Dalit activists. WhatsApp clarified that these victims were under surveillance for two weeks before Facebook discovered the weakness. The company contacted all the targets to inform them about the attack after discovery. The spokesperson did not reveal the exact number of people but they did mention that it was “not an insignificant number”.
Pegasus spyware allowed attackers to get access to a whole host of private data. These include passwords, contacts, calendar events, text messages, and live voice calls. As mentioned in the report, the NSO Group denied the claims in a statement. It also went on to add, “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists.”
As per past reports, WhatsApp initially discovered about the attack and Pegasus back in May 2019. At the time, the company asked WhatsApp users across the world to update their app versions. This spyware worked on a vulnerability known as “zero-click zero-day” where the attacker can directly infect the smartphone. In fact, attackers used WhatsApp video calls to inject Pegasus in the device.
– With inputs from IANS