WhatsApp recently got hit with a pegasus spyware attack that targeted human rights activists (lawyers, journalists, diplomats, academics, et al). Pegasus attack exploited a loophole in the video calling feature on WhatsApp. Anybody who bought the Pegasus software could easily get access to a person’s phone or device data. And the Indian government now wants to conduct an audit of WhatsApp’s security system following the pegasus spyware row, reports Reuters.
The plans of auditing WhatsApp were announced by the Minister of Electronics and Information Technology, Ravi Shankar Prasad, last week. The Indian Computer Emergency Team (CERT-In) “sought submission of information from WhatsApp on November 9, 2019, including a need to conduct an audit and inspection of WhatsApp’s security systems and processes,” Ravi Shankar Prasad told parliament in a statement.
After the Pegasus spyware, WhatsApp sued the Israeli spyware firm, NSO group over cyber attacks and demanded a permanent injunction against the NSO. It accused the NSO of helping its clients break into the phones of roughly 1,400 users across four continents. After the news broke out, WhatsApp downloads in India also dropped down by 80%.
As far as CERT’s queries are concerned, Prasad said that WhatsApp has responded to the queries, but there are additional information about the malware and its impact on the Indian users that the NSO Group needs to provide. Prasad also added that WhatsApp had informed CERT of an incident back in May where the firm had fixed a “vulnerability that could enable an attacker to insert and execute code on mobile devices”.
NSO had denied any allegations of the attack and mentioned that it only offers “technology to licenced government intelligence and law enforcement agencies to help them fight terrorism and serious crime”.