After WhatsApp confirmed that Indian human rights activists and journalists were among those targeted by an Israeli spyware, telecom minister said the government had asked the company to explain the breach that had targetted Indians amongst others.
“Indian users were among those contacted by us this week,” a WhatsApp spokesperson told IANS, without revealing the numbers or names of those affected.
However, some individuals came out on their own on social media and news outlets, revealing they were among those affected by the spyware developed by Israeli cyber-intelligence company NSO Group.
The piece of NSO Group software called Pegasus allegedly exploited WhatsApp’s video calling system with installing the spyware via giving missed calls to snoop on 1,400 select users globally.
“Government of India is concerned at the breach of the privacy of citizens of India on the messaging platform WhatsApp. We have asked WhatsApp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” tweeted IT Minister Ravi Shankar Prasad.
“Govt is committed to protecting privacy of all Indian citizens. Govt agencies have a well established protocol for interception, which includes sanction and supervision from highly ranked officials in central & state governments, for clear stated reasons in national interest,” he added.
“Those trying to make political capital out of it need to be gently reminded about the bugging incident in the office of the then eminent Finance Minister Pranab Mukherjee during UPA regime. Also a gentle reminder of the spying over the then Army Chief Gen. V. K. Singh,” said Prasad.
“These are instances of breach of privacy of highly reputed individuals, for personal whims and fancies of a family,” he added.
Facebook-owned WhatsApp has already sued NSO Group that exploited its video calling system to snoop on 1,400 select users globally.
Those targeted in India included the human rights activists who were arrested over their alleged involvement in the Bhima-Koregaon Dalit riots near Pune in January last year and some journalists.
Of 1,400 affected users, over 20 are academics, lawyers, Dalit activists and journalists from India.
Sidhant Sibal, who is principal diplomatic and defence correspondent for WIONews, tweeted: “Here is the good news. WhatsApp was able to raise the alarm of hacking and they promptly took measures–Technical & Legal. Having being approached by them, they suggested measures to be safe online.”
According to WhatsApp, the NSO Group used the flaw to hack into users’ smartphones.
“It targeted at least 100 human-rights defenders, journalists and other members of civil society across the world,” the head of WhatsApp, Will Cathart, wrote in an op-ed published by The Washington Post.
In a statement, NSO Group denied performing any such act, saying it disputed the allegations and vowed to “vigorously fight them.”
In May, WhatsApp urged its 1.5 billion users to upgrade the app after discovering the vulnerability that allowed a spyware to be installed on users’ phones via the app’s phone call function.
NSO limits sales of Pegasus to state intelligence agencies and others. The software has the ability to collect intimate data from a target device.
According to experts, the victims of the latest WhatsApp spyware attack may have lost important personal information including location data and email content.
“The bug can be exploited based on a decades-old type of vulnerability – a buffer overflow,” Carl Leonard, Principal Security Analyst at cybersecurity company Forcepoint, told IANS.
“One could assume that an attacker may seek out bulk contact lists, email data, location data or other personal information,” Leonard added.