WhatsApp snooping scandal

On October 30, 2019, WhatsApp's parent company Facebook, Inc. confirmed that Pegasus, a sophisticated snooping software developed by Israel's NSO Group, was used to target Indian journalists, activists, lawyers and senior government officials. The journalists and activists are believed to have been targets of surveillance for a two-week period until May, when the Indian national election was held. ^{[1] [2]}

The snooping scandal came out after WhatsApp filed a case in California's Northern District federal court against the NSO group, alleging the NSO group had developed the software used to infect 1,400 target devices with malware. ^[3]

The IT Ministry of India sought a detailed response from WhatsApp on the issue. ^[4] They responded that they had alerted the government on two occasions—once in May and for the second time in September 2019. ^{[5] [6] [7]} In response to Indian Government's order, WhatsApp informed the Computer Emergency Response Team of India in May and September that Pegasus spyware affected Indian WhatsApp users. ^[8]

Indian National Congress party alleged that the Narendra Modi-led government has been caught snooping on journalists, activists, lawyers and senior government officials. ^[9] They later alleged that their leaders, including general secretary Priyanka Gandhi, are also being targeted by this. They also claimed WhatsApp sent messages to different people whose phones were hacked. One such message was also received from the WhatsApp of Priyanka Gandhi a few months ago. ^[10]

Former Chief Financial officer of Infosys Mr. T.V. Mohandas Pai also demanded government to probe on the scandal and to come out with a report before the public. ^[11]

Broader context of Pegasus spyware usage

The WhatsApp incident was part of a larger pattern of Pegasus spyware abuse. Investigations by the Pegasus Project (2021) revealed that governments worldwide used the malware to target journalists, activists, and politicians, including associates of murdered Saudi journalist Jamal Khashoggi and staff of French President Emmanuel Macron. ^[12]

Technical details

The attack exploited CVE-2019-3568, a zero-click exploit vulnerability in WhatsApp's VoIP stack. The exploit allowed installation of Pegasus spyware without any user interaction. ^[13] WhatsApp patched the vulnerability through server-side fixes and client updates in May 2019.

Global legal repercussions

Beyond lawsuits in the U.S. and India, the scandal prompted regulatory scrutiny in the European Union, where lawmakers questioned NSO Group's compliance with GDPR requirements. ^[14] The Israeli government subsequently tightened oversight of cyberweapon exports.

NSO Group's response

NSO Group maintained that Pegasus was licensed exclusively to governments for counterterrorism purposes. The company stated it had no visibility into how clients used the software, though this claim was disputed by researchers. ^[15]

Impact on WhatsApp

Following the disclosure, many users migrated to alternative messaging platforms like Signal and Telegram. ^[16] WhatsApp responded by enhancing its security communications and emphasizing its commitment to end-to-end encryption.

See also

• Pegasus Project (investigation)
• Pegasus Project revelations in India

References

1. "Indian Govt. A Likely Culprit in WhatsApp Snooping Scandal, Pegasus Documents Show". HuffPost India. 1 November 2019.
2. "Several Indian Users Hit By Israeli Spyware, Says WhatsApp: 10 Points". 1 November 2019.
3. "Govt asks WhatsApp to explain breach amid phone snoop row - Times of India". The Times of India. November 2019.
4. "Indian Activists, Journalists Hit By Israeli Spyware, Govt Seeks Response From WhatsApp". Outlook (India). 31 October 2019.
5. "WhatsApp snooping: FB India chief appears before parliamentary panel". Business Standard . 15 December 2019.
6. "WhatsApp told govt about Pegasus spyware 2nd time in September, said 121 people spied on: Reports". India Today. 3 November 2019.
7. "Facebook India Head Appears Before Parliamentary Panel On WhatsApp Snooping Issue". BloombergQuint . 13 December 2019.
8. "WhatsApp snooping row: All you need to know". The Economic Times . 5 November 2019.
9. "WhatsApp told govt about Pegasus spyware 2nd time in September, said 121 people spied on: Reports". India Today. 3 November 2019.
10. "WhatsApp snooping row: Congress alleges Priyanka Gandhi's phone was also hacked". India Today. 3 November 2019.
11. "Govt needs to draw up norms to have control over Google, Facebook, Twitter: Pai". Mint . 4 November 2019.
12. "Pegasus project: Macron among potential targets of NSO client". The Guardian. 20 July 2021.
13. "CVE-2019-3568 Detail". National Vulnerability Database.
14. "EU calls for investigation into Pegasus spyware use". Politico. 19 July 2021.
15. "NSO Group says it can't reveal who uses Pegasus spyware". Reuters. 9 February 2021.
16. "Signal and Telegram downloads surge after WhatsApp privacy backlash". The Verge. 12 January 2021.

Further reading

• Israeli Firm Used Flaw In WhatsApp for Spying, The New York times, 14 May 2019. ProQuest   2224207786
• Nicole Perlroth, WhatsApp Says Israeli Firm Used Its App in Spy Program, The New York Times, 29 October 2019, ProQuest   2309940997
• Craig Timberg, Jay Greene, "WhatsApp accuses Israeli firm of helping hack phones", The Washington Post, 30 October 2019. ProQuest   2310144354
• Mehul Srivastava, Tom Wilson, "Inside the WhatsApp hack", Financial Times, 30 October 2019. ProQuest   2319628262
• Stephanie Kirchgaessner, NSO Group points finger at state clients in WhatsApp spying case, The Guardian, 7 April 2020. ProQuest   2387113555
• Tara Seals, Facebook's NSO Group Lawsuit Over WhatsApp Spying Set to Proceed, Newstex (blog), 20 July 2020. ProQuest   2429064633
• Shannon Vavra, "Israeli Spyware Firm NSO Group Could Soon Be Spilling Its Secrets", The Daily Beast, 9 November 2021. ProQuest   2595302362