tech2 News StaffNov 03, 2019 14:29:30 IST
A day after WhatsApp said that it had informed CERT-IN, India's cyber response team, about the vulnerability that allowed hackers to install Israeli spyware Pegasus on smartphones, a vulnerability note published on the government organisation's website which mentioned the exploit has been deleted for reasons unknown.
Did anyone notice that the filing where WhatsApp disclosed the vulnerability and linked to an article that referenced the NSO Group is now...gone from the CERT website? https://t.co/SE8XkyzXeF https://t.co/C8dRnlR9Q3
— ¯\_(ツ)_/¯ (@PranavDixit) November 1, 2019
The CERT-IN note dated 17 May 2019 and gave detailed explanation of the "buffer error" in WhatsApp which allowed hackers to snoop around smartphones of over 1,400 people worldwide, including journalists, activists and lawyers in India. Firstpost has confirmed names of 20 individuals in India who were affected by it.
Earlier, government sources had said that the Facebook-owned online messaging giant didn't inform India about the vulnerability. Union Minister of Electronics and Information Technology Ravi Shankar Prasad had sought an explanation from the company about the breach by 4 November.
On Friday, WhatsApp responded to the allegations, saying, it had informed Indian authorities of the vulnerability in May 2019. However, government sources dismissed the claims Friday saying the company didn't give enough information and its advisory was 'pure technical jargon'.
On Friday, news reports had shared screenshots of the May 2019 vulnerability note published on CERT-IN's website. This vulnerability note, however, has now been deleted from CERT-IN's website.
Government sources also said that the information shared by WhatsApp had nothing to do with the fact that the privacy of Indian users had been compromised and didn't mention Pegasus spyware.
A senior government functionary, who did not wish to be named, also questioned whether the recent reports on the hacking was a rearguard action by WhatsApp to prevent the government from bringing measures on traceability and accountability.
"WhatsApp officials have met Indian government in the last five months. This incident is of August.... then why did WhatsApp not inform us that time. Looking at our demand, now the US, UK and Australia have also raised pitch for traceability. So this is too much of a coincidence. This could be an attempt by WhatsApp to build pressure on countries to push back on growing global opinion for traceability using this example," news agency IANS quoted a government source as saying.
— Bharat Varma (@BharatVarma3) November 2, 2019
The government is also questioning the timing of the disclosure of the hacking incident, particularly against the backdrop of the Centre seeking three months'' time from the Supreme Court to come up with rules to curb misuse of social media in the country.
The government has categorically told WhatsApp that it wants the platform to bring in a mechanism to enable tracing of the originator of messages, a demand that WhatsApp has resisted citing privacy issues.
With inputs from agencies