WhatsApp's report to CERT-IN back in May about Pegasus is now gone for reasons unknown

A May 2019 note published on the Government of India's cyber response team CERT-IN's website which gave a detailed explanation about the vulnerability that allowed hackers to install Israel spyware Pegasus has been deleted for reasons unknown


A day after WhatsApp said that it had informed CERT-IN, India's cyber response team, about the vulnerability that allowed hackers to install Israeli spyware Pegasus on smartphones, a vulnerability note published on the government organisation's website which mentioned the exploit has been deleted for reasons unknown.

The CERT-IN note dated 17 May 2019 and gave detailed explanation of the "buffer error" in WhatsApp which allowed hackers to snoop around smartphones of over 1,400 people worldwide, including journalists, activists and lawyers in India. Firstpost has confirmed names of 20 individuals in India who were affected by it.

Earlier, government sources had said that the Facebook-owned online messaging giant didn't inform India about the vulnerability. Union Minister of Electronics and Information Technology Ravi Shankar Prasad had sought an explanation from the company about the breach by 4 November.

WhatsApps report to CERT-IN back in May about Pegasus is now gone for reasons unknown

Representational Image Credit: Reuters

On Friday, WhatsApp responded to the allegations, saying, it had informed Indian authorities of the vulnerability in May 2019. However, government sources dismissed the claims Friday saying the company didn't give enough information and its advisory was 'pure technical jargon'.

On Friday, news reports had shared screenshots of the May 2019 vulnerability note published on CERT-IN's website. This vulnerability note, however, has now been deleted from CERT-IN's website.

Government sources also said that the information shared by WhatsApp had nothing to do with the fact that the privacy of Indian users had been compromised and didn't mention Pegasus spyware.

A senior government functionary, who did not wish to be named, also questioned whether the recent reports on the hacking was a rearguard action by WhatsApp to prevent the government from bringing measures on traceability and accountability.

"WhatsApp officials have met Indian government in the last five months. This incident is of August.... then why did WhatsApp not inform us that time. Looking at our demand, now the US, UK and Australia have also raised pitch for traceability. So this is too much of a coincidence. This could be an attempt by WhatsApp to build pressure on countries to push back on growing global opinion for traceability using this example," news agency IANS quoted a government source as saying.

 

The government is also questioning the timing of the disclosure of the hacking incident, particularly against the backdrop of the Centre seeking three months'' time from the Supreme Court to come up with rules to curb misuse of social media in the country.

The government has categorically told WhatsApp that it wants the platform to bring in a mechanism to enable tracing of the originator of messages, a demand that WhatsApp has resisted citing privacy issues.

With inputs from agencies