The Indian Express reached out to Home Secretary A K Bhalla and Electronics and Information Technology Secretary A P Sawhney for comments, but the efforts went unanswered.
Earlier WhatsApp filed a lawsuit in US federal court against Israeli technology firm NSO Group, accusing it of using the Facebook-owned messaging service to target some 1,400 WhatsApp users including journalists, human rights activists and others. WhatsApp alleged that the companies violated US and California laws as well as WhatsApp’s terms of service which prohibit this type of abuse. It claimed that smartphones were penetrated through missed calls alone.
Meanwhile, The NSO Group has been adamant that it only sells its software to governments for "fighting crime and terror" and that it investigates credible allegations of misuse.
In a statement, the NSO group said: “In the strongest possible terms, we dispute today’s allegations and will vigorously fight them. Our technology is not designed or licensed for use against human rights activists and journalists.” After doubts about this technology were first raised in May, the NSO Group said it put in place a ‘Human Rights Policy’ on September 19 which “further embeds human rights protections throughout our business and governance systems”.
A Canada-based cybersecurity
group Citizen Lab in 2018, found suspected NSO Pegasus infections associated with 33 of the 36 operators in 45 countries including India. The report claims that it discovered an Indian link active from June 2017 to September 2018.
“We identified five operators that we believe are focusing on Asia. One operator, Ganges, used a politically themed domain.” the group said.
Arab human rights activists approached Citizen Lab after the suspicion that they were under surveillance.
Earlier, the NSO Group ended its agreement with Saudi Arabia after news emerged that the firm's spyware had been used to target and track journalist Jamal Khashoggi before he was killed inside the Saudi Arabian consulate in Istanbul.
According to WhatsApp, the messages sent and received from the platform are encrypted and secure. The real problem arises when the hacker uses technology to compromise the device, making it prone to breach of privacy and thereby endangering personal freedoms.
The Facebook-owned messaging service in May alerted the users to upgrade the application to plug a security gap that allowed for the injection of sophisticated malware that could be used for spying the 1.5 billion users around the world.
Apparently, to draw a target under surveillance, a Pegasus operator will send a specially created 'link' to the target device and if the user clicks on the link, the operator can penetrate through security features on the phone and install Pesagus without any permission. The spyware then could contact the operator’s command and control servers to receive and execute operator commands, and send back the target’s private information, including passwords, contact lists, text messages, and live voice calls from popular mobile messaging apps. According to the lawsuit filed by WhatsApp, even without a response from the target (i.e, if the user doesn't click on the specially crafted link sent by the operator), the phone is still vulnerable to a privacy breach. Just a missed video call on WhatsApp can breach the security. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.