Had warned of vulnerability in WhatsApp in May: Govt
Rejecting allegations regarding purchase of Israeli spy software Pegasus to tap WhatsApp calls and messages of individuals as "misleading" and attempts to "malign" government's image, the Centre on Wednesday informed Parliament that its CERT-In division had warned of countermeasures to users about vulnerability in WhatsApp in May.
He said that the Computer Emergency Response Team (CERT-In) had published a vulnerability note on May 17 advising countermeasures to users about a vulnerability in WhatsApp.
In a written reply to the Lok Sabha on a query of All India Majlis-e-Ittehadul Muslimeen (AIMIM) chief Asaduddin Owaisi, Union Information and Technology Minister Ravi Shankar Prasad said WhatsApp subsequently reported an incident to the CERT-In on May 20.
In the report, the Minister said, WhatsApp stated that it had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks.
The Minister said that WhatsApp wrote to CERT-In on September 5 mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information.
Prasad said the WhatsApp has informed the government that Pegasus was developed by an Israel based company NSO Group which had used the spyware to attempt to reach mobile phones of a possible number of 1,400 users globally that includes 121 users from India.
"WhatsApp believes it is likely that devices of approximately 121 in India may have been attempted to be reached. Based on media reports on October 31, about such targeting of mobile devices of Indian citizens through WhatsApp by spyware Pegasus, CERT-In has issued a formal notice to WhatsApp seeking submission of relevant details and information."
The Minister said that the government has taken note of the fact that the spyware had affected some Whatsapp users.
Citing statements based on reports in the media, the Minister said these attempts to "malign the government of India for the reported breach is completely misleading".
"The government is committed to protect the fundamental rights of citizens, including the right to privacy. It operates strictly as per provisions of law and laid down protocols. There are adequate provisions in the Information Technology (IT) Act, 2000 to deal with hacking, spyware."
Ministry of Electronics and Information Technology is working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it proposes to table it in Parliament, he added.
In its revelation, WhatsApp had informed that messages and calls of some activists and journalists in India shared on its platform were intercepted using Pegasus. The matter led to furour with some opposition parties alleging that it was part of a ploy by the government to snoop on its critics.
The government then also rubbished the allegations and sent a notice to WhatsApp for not informing it about the vulnerability in its messenger platform that was exploited by NSO.IANS