Pegasus attack: WhatsApp seeks closer engagement with government

WhatsApp has finally replied to the government saying that it has fixed the app’s vulnerability that allowed hackers to remotely install malware on people’s phone. In an official reply to the notice by the Indian Computer Emergency Response Team (CERT-In), the Facebook-owned instant messaging is also seeking better cooperation from the government on the issue. CERT-In has asked the platform to restore its security wall. The matter is also a hot topic in the ongoing parliament session. 

“The CERT-In published a vulnerability note on May 17, 2019 advising countermeasures to users regarding a vulnerability in WhatsApp. Subsequently, on May 20, 2019 WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks,” Ravi Shankar Prasad, Union Minister of Electronics and Information Technology, said in the Lok Sabha.

The CERT-In, the nodal agency that deal with cyber security threats like hacking and phishing, has already asked WhatsApp users to update the apps to secure their data. Previously, WhatsApp confirmed to the agency that no user was harmed from the vulnerability that could have allowed hackers to deploy the malware via ‘specially crafted’ MP4 file on a user’s device to steal sensitive files and use the phone for surveillance purpose.

The Remote Code Evaluation (RCE) vulnerability that allows hackers to perform an attack remotely does not require any form of authentication from the victim end. ‘WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance, there is no reason to believe users were impacted,’ a WhatsApp spokesperson was quoted as saying.

WhatsApp confirmed last month that Pegasus spyware was used to snoop on about 1,400 Indian journalists and human rights activists in May this year. The spyware in question has been developed by the Israeli company NSO Group that ties up with governments and use the technology to fight terrorism and crime.