The Centre had cleared the air in a written reply in the Lok Sabha said it has taken note of reports that emerged in October of a spyware/malware called Pegasus’ having affected some WhatsApp users globally.
The Ministry of Electronics and Information Broadcasting said that 121 WhatsApp users had been impacted in India. The ministry was replying to a question raised by AIMIM MPs Asaduddin Owaisi and Imtiaz Jaleel.
“According to WhatsApp, this spyware was developed by an Israel-based company NSO Group and that it had developed and used Pegasus spyware in an attempt to reach mobile phones of a possible number of 1400 users globally that includes 121 users from India,” the ministry informed the Lower House of the Parliament.
The Centre dismissed allegations that government agencies were behind the snooping. “Some statements have appeared, based on reports in media, regarding this. These attempts to malign the Government of India for the reported breach are completely misleading. The government is committed to protecting the fundamental rights of citizens, including the right to privacy,” the written reply read.
The government informed that the Indian Computer Emergency Response Team (CERT-In) published a vulnerability note on May 17, 2019 advising counter-measures to users regarding a vulnerability in WhatsApp. Subsequently, on May 20, 2019 WhatsApp reported an incident to the CERT-In stating that WhatsApp had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices and that the vulnerability can no longer be exploited to carry out attacks.
Subsequently, the Ministry of Electronics and Information Technology said on September 5, 2019 WhatsApp wrote to CERT-In mentioning an update to the security incident reported in May 2019, that while the full extent of this attack may never be known, WhatsApp continued to review the available information.
Late October, reports had emerged that prominent human rights activists, journalists and lawyers’ mobile phones had been targeted by Israeli spyware in the run-up to the Lok Sabha elections this year.
Subsequent to that, CERT-In issued a formal notice to WhatsApp seeking submission of relevant details and information.