Updated: Nov 02, 2019 10:15 IST

As the controversy over the alleged use of malware on messaging service WhatsApp deepens, it has emerged that a general alert was sent out by the Computer Emergency Response Team on May 17, 2019, warning of the social media platform being compromised by the Pegasus spyware made by Israel-based NSO Group. The CERT alert was issued for people at large.

In addition to this, a more detailed alert was issued by the Threat Analytical Unit (TAU) of the Indian Cyber Crime Coordination Division on May 25, 2019, urging staff in all government departments and security forces to take corrective action. The alert said: “A zero-day vulnerability has been identified in WhatsApp VOIP stacks which allows attackers to install spyware named Pegasus to steal personal information from text messages to call logs and location data.” VOIP is short for Voice Over Internet Protocol. It advised people to immediately update their WhatsApp versions.

TAU is part of the recently formed Cyber and Information Security Division and plays a crucial role in providing a platform for law enforcement personnel, people from the private sector, academia and research organizations to work collaboratively to analyse all pieces of the puzzle in cybercrimes.

TAU produces cybercrime threat intelligence reports and issues alerts on emerging cybercrime threats. It functions in close coordination with the Indian security infrastructure. TAU also works in close coordination with the Computer Emergency Response Team and is used to raise awareness and initiate defensive cyber operations to counter possible cyber threats.

The May 25 alert said: “WhatsApp uses the secure, real-time transport protocol to establish connections between clients and allow for audio and a video call. A buffer overflow vulnerability in the WhatsApp VOIP stack allows remote attackers to execute arbitrary code on the target phones by sending a specially crafted series of Secure Real-Time Transport Protocol (SRTCP) packets by merely placing a WhatsApp call, even when the call is not answered.” In addition, the alert listed the kinds of phone operating software that are particularly vulnerable to the Pegasus malware.

Similarly, the Computer Emergency Response System of India in the May 17 alert had described the “buffer overflow condition error”, the coding flaw in WhatsApp that was exploited to deliver the malware to the targets. Like the later TAU alert, the CERT alert also advised applying patches and updating the version of WhatsApp software.

It is not clear whether CERT-In and TAU had individually detected the Pegasus malware or were only reacting to global reports of the WhatsApp messaging service being compromised. A week prior to the alert, there had been reports in the media about WhatsApp being compromised. The alert issued by DG CERT also linked itself to media reports of WhatsApp being compromised.

“It was a combination of both. Reports of WhatsApp being compromised were taken note of, which were investigated separately before the alert was issued,” a senior official who did not want to be named said and added, “the modus operandi is a globally accepted protocol and practice.”

“Every software has its own vulnerabilities. With innovation taking place in computer technology, hackers exploit these vulnerabilities. The exploitation of such weakness in WhatsApp is one such case. One cannot say for sure that WhatsApp or for that matter any software is completely secure,” former Cyber Security Coordinator Gulshan Rai said.