India plans security audit of WhatsApp after hacking attempt

WhatsApp last month sued Israeli surveillance firm NSO Group, accusing it of helping clients break into the phones.

Update: 2019-11-29 02:14 GMT
A statement from the Union minister for information technology instead said India had asked WhatsApp to explain what the nature of the breach was and what it was doing to protect the privacy of Indians.

India wants to conduct an audit of WhatsApp’s security systems following revelations that a spyware exploited vulnerabilities in the Facebook-owned messaging platform, the country’s technology minister said on Thursday.

The Indian Computer Emergency Team (CERT-In) “sought submission of information from WhatsApp on November 9, 2019, including a need to conduct an audit and inspection of WhatsApp’s security systems and processes,” Ravi Shankar Prasad told parliament in a statement.

WhatsApp declined to comment.

WhatsApp last month sued Israeli surveillance firm NSO Group, accusing it of helping clients break into the phones of roughly 1,400 users across four continents. The targets of the hacking included diplomats, political dissidents, journalists, along with military and government officials.

Of those allegedly affected by NSO’s Pegasus spyware, 121 are based in India, WhatsApp’s biggest market with over 400 million users, two sources told Reuters previously.

WhatsApp has responded to CERT’s queries but further clarifications have been sought, Prasad said, adding that the agency had also asked NSO Group to provide information about the malware and its impact on Indian users.

NSO has previously denied snooping allegations and said it sells technology to governments to counter terrorism.

WhatsApp executives including CEO Will Cathcart made no mention of the spyware when they met Indian technology ministry officials in July and September, the minister said.

WhatsApp had, however, informed CERT of an incident in May in which the firm had identified and fixed a “vulnerability that could enable an attacker to insert and execute code on mobile devices,” Prasad said.

A group of Indians including journalists and lawyers whose phones were hacked via WhatsApp have asked the government to make public its ties with the Israeli firm accused of deploying the spyware.

Similar News