The government has sought information from WhatsApp, including “discussing the need to conduct an audit” of the app’s security systems and processes, IT Minister of State Sanjay Dhotre said in Lok Sabha today. This did not categorically answer BJP MP S. Muniswamy’s question about whether the government will conduct such an audit.
In December 2019, IT Minister Ravi Shankar Prasad had said in Rajya Sabha that CERT-In (Indian Computer Emergency Response Team) had written to WhatsApp on November 9, seeking more information, including a need to conduct an audit and inspection of WhatsApp’s security systems and processes. WhatsApp refused to comment if the government had sent any other communication after November 9.
Last year, it was revealed that approximately 121 users in India may have been breached by Pegasus, a sophisticated spyware from Israeli company NSO Group, using a since-then fixed vulnerability in WhatsApp that allowed attackers to plant spyware in users’ phones just by ringing their target’s device. Pegasus allows the hacker to intercept all communication to and from the device and to remotely control the device.
NSO Group has repeatedly said that it only sells to verified governments and law enforcement agencies. Thus far, the Indian government has not categorically confirmed or denied that it purchased the spyware.