 "WhatsApp did not disclose information about Pegasus in May, says govt")
In the ongoing tussle between the government and Facebook-owned instant messaging service WhatsApp over Israeli malicious software being used to spy on some Indian citizens, government sources said late Friday evening that WhatsApp had not disclosed to Indian authorities full information about the video calling vulnerability.
“WhatsApp had given information to CERT-IN, a government agency as seen in the attached image in May. As is seen in the image, it is a communication in pure technical jargon without any mention of Pegasus or the extent of breach. Thus, the information shared was only about a technical vulnerability but nothing on the fact that privacy of Indian users had been compromised,” said a government source.
The image referred to was a security alert from the Computer Emergency Response Team of India (CERT-In), which was published in May.
“A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the affected system... Successful exploitation of this vulnerability could allow the attacker to access information on the system such as call logs, messages, photos, etc, which could lead to further compromise of the system,” it said.
CERT-In is the national agency that keeps a tab on cyber incidents and cyberattacks in India.
On October 30, Will Cathcart, the head of WhatsApp, had written in an opinion piece in The Washington Post: “In May, WhatsApp announced that we had detected and blocked a new kind of cyberattack involving a vulnerability in our video-calling feature... Now, after months of investigation, we can say who was behind this attack. Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to an international technology company called NSO Group.”
The following day, it was reported that the vulnerability in WhatsApp had been exploited to target journalists and activists in India as well.
Pegasus is a malicious software developed and sold to governments by NSO Group. It was used to hack into Apple devices running certain versions of iOS, first reported about in 2016.
The government has asked WhatsApp to explain by November 4 how the breach occurred and how the privacy of Indian citizens was compromised.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%