India demanded answers from WhatsApp over a snooping scandal Thursday after coming under fire from critics who accused authorities of using malware installed on the Facebook-owned messaging service to spy on citizens.
WhatsApp has filed a lawsuit in the United States against Israeli technology firm NSO Group, accusing it of using the hugely popular instant messaging platform to conduct cyberespionage on nearly 1,400 journalists, diplomats, dissidents and human right activists worldwide.
The Israeli firm has denied journalists and activists were targeted and said that it only licenses its software to governments for “fighting crime and terror”.
Indian media reports said 20 activists, lawyers and journalists were informed by WhatsApp recently that their phones were compromised for two weeks in May.
Nearly two dozen activists, lawyers and journalists were targeted in India — WhatsApp’s biggest market with some 400 million active users — according to Indian media reports.
The Indian Express reported WhatsApp confirmed a number of Indian users had been targeted by the Pegasus spyware, which installed itself on their devices and relayed back data to the hackers.
New Delhi has asked WhatsApp to “explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens,” information and technology minister Ravi Shankar Prasad wrote on Twitter, denying the government had used the malware to spy on its citizens.
Government of India is concerned at the breach of privacy of citizens of India on the messaging platform Whatsapp. We have asked Whatsapp to explain the kind of breach and what it is doing to safeguard the privacy of millions of Indian citizens. 1/4 pic.twitter.com/YI9Fg1fWro
— Ravi Shankar Prasad (@rsprasad) October 31, 2019
Read more: India issues fresh warning to WhatsApp over lynching deaths
But opposition leaders accused the government of invading citizens’ privacy.
“A government that spies on journalists/activists/Opposition leaders and treats its own citizens like criminals has lost the right to lead in our democracy,” main opposition Congress party spokesperson Randeep Surjewala said in a tweet.
Indian media reports said 20 activists, lawyers and journalists were informed by WhatsApp recently that their phones were compromised for two weeks in May.
The Israeli firm has denied journalists and activists were targeted and said that it only licenses its software to governments for “fighting crime and terror”.
Rights activists and dissidents in India have accused the Prime Minister Narendra Modi’s Hindu nationalist government of intimidating them over their criticism of policies.
Since Modi’s ascent to the top post in 2014, it has banned hundreds of non government organisations and stopped funding of many more.
Read more: India slams WhatsApp over deadly rumours
Rupali Jadhav, an activist, and one of those contacted by WhatsApp said she suspected that she was targeted for her work on caste, class and gender rights.
“We are told India is a democracy. But if our right to privacy is violated, doesn’t that raise questions?” she told an Indian online outlet.
How does Pegasus come into your phone, and how safe are you?
In May 2019, WhatsApp identified that a bug in the app’s call function was used to install a malicious code into users’ phones. On October 29, it identified the malicious code as Pegasus, a spyware developed by an Israeli company, NSO. WhatsApp and its parent company Facebook have sued NSO in a U.S. court.
How does Pegasus come into your phone?
The code is transmitted by calling the target phone on WhatsApp. The code enters the phone even if the call is not answered. According to some reports, the log of that call gets erased. According to The Citizen’s Lab of the University of Toronto, which worked with WhatsApp on identifying spyware victims, this is only one of the ways of delivering Pegasus. It notes several other cases such as alarming SMSs that prompt targets to click on a link.
What does Pegasus do?
Once installed, Pegasus can send the target’s contacts, calendar events, phone calls on and messages on communication apps like WhatsApp and Telegram to the spyware’s controller. It could steal messages from even services that offer encryption because it was taking the messages before the encryption process, according to anti-malware service Kaspersky. The controller can also turn the phone into a spying device by switching on its camera or microphone.
Who was targeted?
According to reports, over 100 human-rights activists, lawyers, and journalists were targeted across the globe. This included several lawyers and journalists in India.
Are you safe?
According to Kaspersky, Apple’s iOS security update 9.3.5 take care of the vulnerability exploited by Pegasus. Google, in a earlier blogpost, says it identifies infected Android phones and disable the malware and informs the targets.
AFP with additional input by GVS News Desk.