In response to allegations of privacy breaches affecting various Indian WhatsApp users through the Israeli surveillance software Pegasus, the Facebook-owned messaging company claimed on Friday that it had informed the Government of India about the vulnerability in its software in May 2019.
The Pegasus spyware was used to spy on journalists, activists and lawyers in India and 1,400 worldwide. Firstpost has confirmed that 20 people were affected by the spyware.
In a statement, WhatsApp said: “Our highest priority is the privacy and security of WhatsApp users. In May, we quickly resolved a security issue and notified the relevant Indian and international government authorities. Since then, we have worked to identify specific users to ask the courts to hold the international spyware firm known as NSO Group responsible.”
According to a vulnerability note published by CERT-IN, a government agency charged with the “objective of securing Indian cyberspace”, CERT-IN was aware of the vulnerability in May 2019.
CERT-IN comes directly under the Ministry of Electronics and Information Technology, headed by Ravi Shankar Prasad.
However, government sources told ANI that “the communication was purely technical jargon with no mention of Israeli Pegasus or the extent of the violation.”
What does the CERT-IN vulnerability note say?
On May 17, 2019, CERT-IN published a vulnerability note (CIVN-2019-0080) related to WhatsApp on its website with a severity rating of “HIGH”. It said:
“A vulnerability has been reported in WhatsApp that could be exploited by a remote attacker to execute arbitrary code on the affected system.”
Under a subtitle “description”, the note provides a detailed explanation of what the vulnerability is about. It reads:
“This vulnerability exists in WhatsApp due to a buffer overflow condition bug. A remote attacker could exploit this vulnerability by making a decoy WhatsApp voice call to a target user’s phone number and sending specially crafted series of SRTCP packets to the system. This could trigger a buffer overflow condition that leads to arbitrary code execution by the attacker.
“Successful exploitation of this vulnerability could allow the attacker to access information in the system, such as call logs, messages, photos, etc., which could further compromise the system.”
The last sentence of the note clearly defines what successful exploitation of the vulnerability could allow.
The solution suggested to everyone was to update to the “latest version of WhatsApp”.
The note also shares a link to an advisory issued by Facebook, owner of WhatsApp, about the vulnerability and the versions of WhatsApp software that were affected by it. The notice, which was last updated on August 13, 2019, read:
“A buffer overflow vulnerability in WhatsApp’s VOIP stack allowed remote code execution through specially crafted series of RTCP packets sent to a target phone number.”
This advisory does not mention “Pegasus spyware”; however, CERT-IN shared some links along with details about the vulnerability in a note on its website.
One of these links points to a news website called HackerNews, which reads: “Discovered, assembled and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit (read vulnerability) installs Pegasus spyware on Android and iOS devices.”
An archive of the URL history on the Wayback Machine shows that “Pegasus spyware” was mentioned in the article when it was published on May 15, 2019.
The report adds that “the victim will not be able to discover the intrusion later, since the spyware deletes the information of the incoming calls from the logs to operate stealthily.”
Government asks WhatsApp for an explanation
The Center on Thursday sought an explanation from WhatsApp on the privacy breach after the messaging platform informed several Indian users this week that they had been targeted by Pegasus earlier this year.
Union Information Technology Minister Ravi Shankar Prasad said yesterday that the government is concerned about the violation of the privacy of the citizens of India and has sought a detailed explanation from the messaging platform.
“We have asked WhatsApp to explain the type of violation and what it is doing to safeguard the privacy of millions of Indian citizens,” he wrote on Twitter.
WhatsApp reportedly revealed that journalists and activists in India have been under surveillance by operators using the Israeli Pegasus spyware.
The messaging platform said it had reached out to the people who were attacked, but declined to reveal the identities and “exact number” of those who were attacked.
With inputs from ANI