View from India: Cyber snooping on your phone - WhatsApp with that?
Image credit: Dreamstime
With 400 million users, India is the biggest market for WhatsApp, the Facebook-owned company. Last week, the instant messaging platform hit the headlines after it was revealed that it had been used to snoop on 121 prominent Indians.
Multiple media reports suggest that the spyware Pegasus has broken into phones after the user received a video call. The call is the means by which malicious code is transmitted. It appears that even if the individual doesn’t answer the call, the spyware gets installed. Thereafter, the attacker can access all of the user's WhatsApp-related data, including calls, messages, phone list, microphone and camera. It also includes vital information about the user’s data and browser history.
This raises questions about how Pegasus, a state-of-the art software tool, can spy on the phone. The operating systems (OS) of smartphones are the vulnerable points. Similar to the OS of desktops and laptops, this familiarity can make it easier for hackers to break into the mobile version.
To put things into context, a bug in WhatsApp’s call function was identified earlier this year. In May, WhatsApp detected that the bug was being exploited to install malicious code into phones. Pegasus, the latest development, emerged last week.
WhatsApp has over 1.5 billion users globally, of which India alone accounts for around a quarter of its user base. Given the sizeable community of users in India, WhatsApp is rolling out new security features. In its blog post, the messaging platform indicated that it is in the process of launching an extra security layer. This is a biometric authentication option, a fingerprint lock, for Android phones. The mechanism can be understood as something that operates like the TouchID (fingerprint recognition) and FaceID (facial recognition) lock on iPhones.
From a technology standpoint, Android users can lock the app with their fingerprint, which needs to be authenticated to unlock it. The time duration of the lock can also be decided upon by the user, who can also choose whether WhatsAppcontent will be visible in notifications.
Ravi Shankar Prasad, Union Telecom minister, shared the Government of India’s (GoI) concerns about the phone hacking with the media, as the privacy breach of citizens is alarming for GoI. In an official statement on Twitter, Prasad asked WhatsApp for a detailed explanation of the cyber attack. The minister’s Twitter message stated that the GoI is committed to protecting the privacy of all Indian citizens. Government agencies have a well-established protocol for interception, which includes sanction and supervision from highly ranked officials in central and state governments, for clear stated reasons in national interest.
Let’s face it, your mobile phone should be as private as it can be, as it contains highly personal information and location data and can act as a wallet at the click of a button. A big picture points to the fact that India is gearing up to become a trillion-dollar IT economy. Digitisation is the crux of this vision; the digital journey is dotted with multi-device connectivity.
India is a 'mobile first' market. The mobile device requires a similar level of protection from virus and cyber attacks as laptops and desktops. Lock-screen security is as essential as using discretion while installing apps, which should happen from reliable sources. It’s also important to disable certain aspects such as Wi-Fi and Bluetooth connectivity when they are not being used. Besides strong password protection, machine learning tools can be loaded on to the device to help detect malicious code.
Another aspect is that it’s necessary to update the operating system from time to time. Using an outdated version of the device's OS can be an open invitation for spyware, malware or other malicious software attacks.
It’s wiser to play safe than to put the mobile device - and your personal data - at risk.
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.