Cybersecurity agency CERT-In has issued a notice to WhatsApp seeking details on targeting of mobile phones of Indian citizens by Israeli spyware Pegasus, Parliament was informed on Wednesday. Replying to a Lok Sabha question, IT Minister Ravi Shankar Prasad said the government is committed to protecting fundamental rights of citizens, including the right to privacy and added that attempts to malign the government for reported breach are misleading.
Last month, WhatsApp had revealed that Indian journalists and human rights activists were among those globally spied upon by unnamed entities using Pegasus spyware. According to WhatsApp, the spyware was developed by Israel-based NSO Group and had been used to snoop on about 1,400 users globally, including 121 users from India.
Following government’s notice seeking more information on the attacks, WhatsApp had responded saying it had alerted the Indian Computer Emergency Response Team (CERT-In) in September that 121 Indian users had been targeted by Pegasus.
“Based on media reports on October 31, 2019, about such targeting of mobile devices of Indian citizens through WhatsApp by spyware Pegasus, CERT-In has issued a formal notice to WhatsApp seeking submission of relevant details and information,” Prasad said in a written reply to the Lok Sabha on Wednesday.
The minister pointed out that the CERT-In had published a vulnerability note on May 17, advising countermeasures to users regarding a vulnerability in WhatsApp. On May 20, WhatsApp reported an incident to CERT-In stating that it had identified and promptly fixed a vulnerability that could enable an attacker to insert and execute code on mobile devices. WhatsApp had also told CERT-In that the vulnerability can no longer be exploited to carry out attacks.
Prasad said on September 5, WhatsApp had provided an update to CERT-In saying while the full extent of the attack may never be known, the company continued to review the available information. “It also mentioned that WhatsApp believes it is likely that devices of approximately 121 users in India may have been attempted to be reached,” the minister said.
Prasad said the government operates strictly as per provisions of law and laid down protocols, and that there are adequate provisions in the Information Technology (IT) Act, 2000 to deal with hacking and spyware. He added that the Electronics and IT Ministry is working on the Personal Data Protection Bill to safeguard the privacy of citizens, and it is proposed to be tabled in Parliament.