The centre today rejected accusations of using Israeli spyware Pegasus to snoop on activists and journalists, claiming that it had warned users about this vulnerability in WhatsApp -- the messaging application allegedly used by hackers to gain access to mobile phones -- nearly six months ago. It also said that WhatsApp has expressed regret over the incident, and given its assurance that the privacy of phone users will not be breached again.
In a written response to a query raised in the Lok Sabha, Union Information and Technology Minister Ravi Shankar Prasad denied a Congress claim to say that the government's Computer Emergency Response Team (CERT-In) team had published a note suggesting countermeasures to tackle the vulnerability in the messaging application on May 17. WhatsApp subsequently reported alleged incidents of snooping to CERT-In on May 20, he added.
According to Mr Prasad, WhatsApp said it had fixed a vulnerability that enables attackers to insert a malicious code in certain mobile devices through a voice call. In another update provided on September 5, it said that all available information on the breach was being reviewed, although the full extent of the attack may never be known.
The snooping controversy broke out earlier this month, when WhatsApp revealed that 121 Indian journalists and activists were among 1,400 mobile phone users across the globe to be targeted with the Pegasus spyware. This sparked allegations that it was part of an attempt by the centre to snoop on individuals opposed to its political ideology.
Mr Prasad, however, termed claims of the centre's involvement in the scandal as an "attempt to malign" its image. "The government is committed to protecting the fundamental rights of citizens, including their right to privacy. It operates strictly as per the provisions of the law and laid-down protocols. There are adequate provisions in the Information Technology Act-2000 to deal with hacking and spyware," he said, adding that the Ministry of Electronics and Information Technology was even working on a Personal Data Protection Bill to safeguard the privacy of citizens.
Earlier today, CERT-In warned of another vulnerability in WhatsApp that can be exploited through the forwarding of an MP4 file. "A remote attacker could exploit this vulnerability by sending a specially crafted MP4 file to the target system," it said in an advisory, adding that upgrading to the latest version of the software could help protect mobile devices.
(With inputs from IANS)