After expressing its commitment to safeguard its citizens’ data, the government on Wednesday revealed that personal data of 20 WhatsApp users out of the 121 users targeted using Pegasus spyware may have been accessed by the attacker.
The case came to limelight after WhatsApp decided to sue the Israeli surveillance company in October, claiming it had discovered more than 1,400 of its users around the world, who were targeted by NSO technology in a two-week period in May. Facebook-owned Whatsapp had said that Indian journalists and human rights activists were among those globally spied upon by unnamed entities using Pegasus spyware.
“WhatsApp continues to review the available information. It also mentioned that WhatsApp believes it is likely that personal data within the WhatsApp app of approximately twenty users may have been accessed out of approximately one hundred and twenty one users in India whose devices the attacker attempted to reach,” Union Minister Ravi Shankar Prasad said in Lok Sabha.
On May 20, WhatsApp reported an incident to country’s cybersecurity watchdog Cert-In, stating that it had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices.
WhatsApp also told CERT-In that the vulnerability could no longer be exploited to carry out attacks. Prasad said the government is committed to protect fundamental rights of citizens, including the right to privacy.
“The government operates strictly as per provisions of law and laid down protocols. There are adequate safeguards to ensure that no innocent citizen is harassed or his privacy breached,” he said.
In response to another question on malicious mobile apps stealing user data, the minister said the propagation of such applications, targeting mobile phones, are being reported globally. “Such malicious applications could be used for stealing data from infected mobile phones for further misuse by cyber criminals,” Prasad said.
The government has taken several measures to check malicious apps which includes issue of alerts and advisories about threats and vulnerabilities affecting mobile phones, along with countermeasures by the Indian Computer Emergency Response Team (CERT-In), he said.
“Security tips have been published to enable users to secure their mobile and smart phones by CERT-In. Government has operationalised the Cyber Swachhta Kendra (CSK) to enable detection and cleaning of malicious code including from mobile and smartphones,” Prasad added.