How Big Is the Menace of Spyware Pegasus?
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Two days after media reports of snooping on journalists sent popular messaging service WhatsApp and the Indian government scrambling for answers, the blame game does not seem to have stopped.
According to reports, WhatsApp claims it had informed government officials about the breach in May, refuting allegations about having kept it a secret.
The controversy around spyware ‘Pegasus’, which snooped into the phones of 1,400 people across the world earlier this year, is the latest in a series of privacy-related concerns to have hit social media companies in the recent past.
Facebook, which owns the messaging service, has come under the scanner in recent times for its indirect involvement in influencing political discourse and its apparent inability to keep user data private.
The Pegasus controversy has brought scathing comments from different parts of the Indian political system.
What We Know So Far
WhatsApp reportedly stated that it notified Indian and international government authorities in May and “quickly resolved a security issue”.
However, ANI reported, citing government officials, that the communication from WhatsApp was technical jargon without any mention of Pegasus or extent of the breach.
CERT-IN, or the Indian Computer Emergency Response Team, which is responsible for securing the cyberspace for Indians and falls under the purview of Ministry of Electronics and Information Technology, had issued a vulnerability note on May 17 this year.
With a severity rating of ‘high’, the note stated, “A vulnerability has been reported in WhatsApp which could be exploited by a remote attacker to execute arbitrary code on the affected system.”
Among its list of references, the note has a link to a Hacker News article. The article, published on May 14, mentions Pegasus.
“Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices,” it reads.
According to its website, the NSO Group is a technology firm that focuses on cyber intelligence.
What Has Been Done?
Several media reports have stated that WhatsApp reached out to certain journalists and human rights activists in India as recently as October to inform them that their data was affected.
The Indian Express reported on Thursday that at least two dozen academics, lawyers, Dalit activists, and journalists were alerted. Reportedly, WhatsApp declined to reveal the number.
On Tuesday, WhatsApp filed a case against the NSO Group in a Federal court in San Francisco. According to the complaint, the company claims the breaches were “between in and around April 2019 and May 2019”.