WhatsApp Tells MeitY It Was Quick To Act On Major Security Bug, Modified App Versions

After back-to-back security compromises last week, Facebook-owned chat messaging company WhatsApp has told the Indian government that it was quick to solve the voice call vulnerability, which allowed hackers to install apps surreptitiously in the background.

In a response to the letter by the Ministry of Electronics and Information Technology (MeitY), WhatsApp has reportedly said that while no security measures including theirs is perfect, they are committed to doing all they can to prevent further abuses and breaches.

The abuse being referred to here is a spyware developed by Israeli cyber surveillance company NSO Group which allowed attackers to inject spyware on phones with WhatsApp by using the app’s voice call function. The attack allowed hackers to stealthily install apps in the background during a voice call.

The malicious spyware affected WhatsApp on both Android and iOS. However, the extent of the damage couldn’t be ascertained even though WhatsApp claimed that it fixed the issue within 10 days. Further, WhatsApp also started to roll out a fix last week and issued a patch for customers on May 13, 2019. It had urged all customers and users to update to the most recent version of the app through Google Play or Apple App Store.

WhatsApp told MeitY that it had corrected the vulnerability through the deployment of strong server-side protections, hence it was not imperative for users to upgrade their WhatsApp version or phone operating systems. It had, however, asked its users to upgrade simply as a matter of “abundant caution.”

Another concern for the Indian government came in when reports showed that modified versions of the WhatsApp app and other software tools to manage the application that cost a mere $14 are helping Indian digital marketers and political activists bypass anti-spam restrictions set up by the Facebook-owned company.

Apps such as JT WhatsApp and GB WhatsApp are being used under the aliases of WhatsApp to get around the limit on forwards. It is to be noted that until last year, WhatsApp allowed message forwarding to 256 contacts. To target bulk messaging and fake news spread, it has put a limit of five on forwarding messages.

To this, WhatsApp has told MeitY that it had come down heavily on unofficial versions of WhatsApp and had taken action against four million accounts abusing its rules during the Indian election season.

The company told the government it had taken action against “dozens” of private companies in India that were violating its terms of service in this manner. It asked for the government’s cooperation in bringing to its attention companies that Indian authorities may be aware of in this regard.

Despite following the Code of Ethics set by the Election Commission of India, releasing regular advertisements, and conducting knowledge drives over the last few months, WhatsApp is unable to root out the fake news issue. And with the elections winding down, there are some doubts about the efficacy of these measures in the first place.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.