With the gaps found in the response of the US-based firm WhatsApp to the Indian Government regarding the issue of the spyware attack on various Indian citizens in April and May, the Ministry of Electronics and Information Technology (MeitY) has asked WhatsApp to report their take on this account.
This call came after the Pegasus which is expensive spyware developed by an Israeli company NSO globally compromised the privacy of various WhatsApp users by breaching into their mobile phones and collecting all their encrypted information inside the said social app. The Ministry states that the messaging company has not reported about the Indians who have also been victimized in this cyber-attack on time. And that they have gained the information about this from other available sources and CERT.
WhatsApp to counter the Ministry’s claim has written a reply to them, disclosing the two letters that were sent to the Government in May and September. The letters contain the vulnerability note about their system which testifies to the question raised by MeitY.
They revealed that the Pegasus largely targeted multiple activists, journalists, and lawyers, summing up to 121 total Indians who were compromised by this NSO owned spyware. On October 29, WhatsApp has also allegedly filed a suit against the NSO Company in San Francisco court according to the US laws. But the Israeli firm denies all the charges rose upon by WhatsApp and clarifies that their technology has always been sold to the licensed Government agencies around the world.
Furthermore, the officials presented that the CERT, an agency that handles cybersecurity has already issued the vulnerability note to the Supreme Court on May 17 before the WhatsApp came up with their report on May 20.
CERT has apparently identified its vulnerability which is due to buffering overflow and reported that the exploiters might use this opportunity to breach the system. And thus they suggested that the users should continuously upgrade their social app to the latest version as the WhatsApp has now patched this vulnerability finally allowing the users the much-needed relief from all the spyware attacks.
However, the question still remains about the one who initiated such alarming outbreak in India and who will be held responsible for all this?