WhatsApp says it moved fast to contain spyware attack damage

NEW DELHI: WhatsApp told the Indian government that it moved quickly to fix the vulnerability that allowed a spyware attack on users’ phones besides taking action against 4 million accounts to curb abuse of the platform during the general election.

“While no safety programme including ours is perfect and we must constantly improve… we are committed to doing all we can to prevent these abuses to our systems,” the Facebook-owned company said in its response to the government. ET has seen the communication.

The Ministry of Electronics and Information Technology (MeitY) had asked WhatsApp for details on the spyware hack that allowed perpetrators to snoop on users and what remedial action it had taken. The government also wanted to know whether WhatsApp users in India had been compromised, given that it’s used by politicians, bureaucrats and businesspeople.

The country is WhatsApp’s biggest market with more than 200 million users. The Financial Times reported May 13 that spyware developed by an Israeli cyber intelligence group had exploited a vulnerability in the WhatsApp calling function to infect a user’s phone with spyware, putting all information on the device at risk. The messaging company had asked users to update the app to the latest version to fix the issue.

The company told MeitY it had corrected the vulnerability through the deployment of strong server-side protections, hence it was not imperative for users to upgrade their WhatsApp version or phone operating systems. It had, however, asked its users to upgrade simply as a matter of “abundant caution.”

“The company has further informed the government that it had come down heavily on unofficial versions of WhatsApp and had taken action against 4 million such accounts in the Indian general election season,” a senior government official told ET.

This refers to unsupported variants such as JT WhatsApp and GB WhatsApp which, according to the company, are being used to get around the limit on forwards.

“Users of unsupported apps are banned and explained how to migrate to the official version of WhatsApp,” the company told the government.

Telemarketing companies and political outfits have reportedly been using these apps to breach the limits. Since 2018, the app has restricted forwards to five per user, down from 256 previously, in order to curb the spread of fake news through bulk messaging.

WhatsApp told the government it had taken action against “dozens” of private companies in India that were violating its terms of service in this manner. It asked for the government’s cooperation in bringing to its attention companies that the Indian authorities may be aware of in this regard.

Prior to this, WhatsApp has been resisting the government’s demand on traceability of inflammatory messages, which have led to acts of violence such as lynchings and riots.