18 November 2019
WhatsApp has officially confirmed that Israeli spyware Pegasus was used to snoop on numerous Indian users. It told The Indian Express that while it knows the exact number of affected users and their identities, it will not be making these details public. It further added that all of those users have been alerted about the situation.
These affected Indian users included various journalists and human rights activists. The spying attack was carried out in run-up for the elections and was live until May 2019. All of them were spied on with the help of Pegasus, sophisticated spyware developed by an Israeli group called NSO. It is usually implanted on the target's device using exploited links but for the Indian attack, a missed video call on WhatsApp was more than enough.
The official statement from WhatsApp reads:
“Indian journalists and human rights activists have been the target of surveillance and while I cannot reveal their identities and the exact number, I can say that it is not an insignificant number."
Pegasus installs itself and works on the victim's device quietly in the background. A user does not even know that it is present on the device and it starts sending all sorts of data to the spyware operator. These include but not limited to text messages, call logs, contacts, calendar events, passwords, and even live voice calls. It can also make use of the phone's camera and microphone to see and listen to everything that's going on within the phone's vicinity. In response, NSO has denied doing anything wrong and has claimed that it sells Pegasus only to vetted and legitimate government agencies.
The sensational finding on spying on Indian users has surfaced just days after WhatsApp filed a lawsuit against NSO in the United States. It has accused the group of snooping on over 1,400 users from around the world. For what it's worth, WhatsApp released an update in May to make the app more secure and fix the issue.