WhatsApp Vulnerability Advisory Is Back After Pegasus Spyware Scandal

Trouble for WhatsApp doesn’t seem to end. After the Pegasus spyware controversy made the instant messaging app the prime target of the Indian government, the Indian Computer Emergency Response Team’s (CERT-In) website is now back.

The advisory, which warned users against WhatsApp’s vulnerabilities, was removed for a few days after the Pegasus spyware came to light. The removal did not go down well with the members of civil society and privacy enthusiasts.

CERT-In wrote a detailed explanation in May 2019 — the time when WhatsApp claimed to have upgraded its security to stop the Pegasus attack  — that the messaging app that could be exploited by an attacker or hacker, simply by making a voice call.

CERT-In also warned WhatsApp users that the vulnerability could allow hackers to access mobile devices and the information on it — logs, messages and photos. It also added that the accessed information and data could be further compromised. The statutory body, which comes under the Ministry of Electronics and Information Technology (MeitY), rated WhatsApp “high” in vulnerability severity and advised users to upgrade to the latest version of the app.

WhatsApp and the Indian government have been going all out against each other since the pegasus spyware breach came to light. The Indian government has been particularly distrubed by the fact that WhatsApp never revealed anything about Pegasus spyware, which targeted 121 Indians — journalists, activists and academia, among others. Overall, the spyware attacked users from over 143 countries.

However, WhatsApp claimed that it had informed the Indian government twice, in May and September 2019, regarding the spyware. The first letter was written in May, after WhatsApp had discovered the attack and quickly managed to resolve the security issue.

In the letter, WhatsApp allegedly informed the government about the attack and assured that it is doing everything to protect users from hackers.

The WhatsApp had also accused the Indian government of relying on the Israel-based software to spy on dozens of Indian citizens.

Meanwhile, the Indian government started raising its concerns regarding WhatsApp’s security and its seriousness about privacy, directly impacting digital payments platform WhatsApp Payments. The government was reportedly skeptical regarding WhatsApp’s competency to handle digital transactions.

The government has also reached out to the National Payments Corporation of India (NPCI) and Reserve Bank of India (RBI) to raise concerns regarding data security in WhatsApp Payments.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.