The Context:
A messaging app- WhatsApp, which has about 400 million users in India, has been testing its payments services in the country since last year, with about a million users. Competing against Paytm, PhonePe and Google Pay, when it is rolled out nationally in India.
The latest security incident around WhatsApp may have a bearing on the launch of its digital payment services in India as these systems need to be ‘fool-proof.’ The official sources said that the government is ‘disturbed’ about WhatsApps’s lack of disclosures on the hacking incident.
What is Pegasus spyware?
You have heard the name Pegasus by now. Those who haven’t might be wondering. It’s a spyware developed by Israel-based security company- NSO Group Technologies. Used probably by the government for hacking and snooping on journalists, lawyers, and activists in India. Pegasus is meant to infiltrate smartphones silently and work on three things- collect historic data on the device, continuously monitor activity, and transmit this data to a third party.
Other than Android and iOS systems, Pegasus can also penetrate Symbian and BlackBerry-based devices. The malware infects the system devices via phishing text messages that trick users into clicking a particular link, using the over-the-air update system. In WhatsApp’s case, the spyware vulnerability is used to allow infection through missed video calls.
This vulnerability was confirmed by WhatsApp’s Global Head in May this year. The spyware completes the process in the background, entirely out of the user’s notice. Henceforth, it was confirmed that Pegasus doesn’t require the user’s attention is one of the reasons why the spyware is so dangerous and widespread amongst security contractors.
Once the spyware is on your phone, Pegasus has access to data that’s already on your phone, including photos, videos, text messages, email apps, browsing the history, contact list, location, files, other messaging apps, etc.
It can also listen to you and sounds around you through the phone’s microphones, record incoming and outgoing calls, capture screenshots, and use the phone’s camera to take photos. Pegasus is designed to never use more than 5% of the free space on your phone. So, if you have 10GB of free space, the malware will use only about 500MB at a time, something that’s near impossible to detect on a smartphone, even if you’re checking.
Pegasus also removes data on a first in first out basis if it hasn’t been able to transmit to its servers for a while. Unfortunately, there is no real way to avoid a Pegasus attack other than the regular best practices. The best way to prevent such malicious vulnerabilities is by not downloading suspicious files, clicking on unknown links, etc. and those remain the best way to fight this malware.
Payments Hurdle:
- Discussions: Ongoing on safety of digital payments through platforms like WhatsApp.
- Move may delay: Launch of WhatsApp payment service in India
- MeitY-WhatsApp: Row being monitored at the highest level of the govt.
- WhatsApp: maintains it informed CERT-IN again in September with details of the hack.
- Govt. says: Response was at best speculative & inadequate, that it learned details through press reports.
The controversy began with WhatsApp/ Facebook filing a lawsuit in the US against the Israeli company NSO on October 29, within days of the Indian Supreme court allowing the Centre to issue intermediary guidelines in three months. The row between WhatsApp and the Indian authorities continued with the company insisting it had informed the government of the security breach, along with details. And according to an official, WhatsApp didn’t disclose complete information to them, further adding- they learned it through media reports.
Regulations are coming:
The guidelines are expected to allow the government to legally bind WhatsApp and any other messaging platform to tracing the source of any message on their platforms. According to WhatsApp, it would be impossible without compromising the encryption that supposedly guarantees user privacy.
Hence, the Indian government is reportedly in talks with the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) to gauge whether it’s a wise decision to allow social networking platforms to conduct financial transactions. The recent spyware attack encroached on the privacy of 1,400 users worldwide and 21 Indian users. Users affected included journalists, human rights activists, political dissidents, and diplomats. The Group developed its malware to access messages and other communications after they were decrypted on target devices.
India’s Supreme Court has directed the central government to form rules and regulations for governing social media platforms by January 2020, bringing more clarity around the obligations of WhatsApp and other mobile apps. To know more about the Pegasus WhatsApp Hack Visit here. WhatsApp has been in the features for quite some time for suing the Israel-based NSO Group for the latter’s apparatus called Pegasus which was used to carry out unauthorized surveillance. The suit was recorded in a US bureaucratic court, charging that the Israeli firm had wrongfully helped government agencies to hack the cell phones of more than 100 distinguished individuals all-inclusive, including the telephones of writers, human rights laborers, legal counselors, strict figures, and the individuals who have now become the subject of online assaults.
Stay Updated. Stay Protected!