Two malware alerts were issued in May
A SECOND ALERT ISSUED ON MAY 25 URGED STAFF IN ALL GOVT DEPARTMENTS AND SECURITY FORCES TO TAKE CORRECTIVE ACTION
NEW DELHI: As the controversy over the alleged use of malware on messaging service Whatsapp deepens, it has emerged that a general alert was sent out by the Computer Emergency Response Team on May 17, 2019, warning of the social media platform being compromised by the Pegasus spyware made by Israel-based NSO Group. The CERT alert was issued for people at large.
In addition to this, a more detailed alert was issued by the Threat Analytical Unit (TAU) of the Indian Cyber Crime Coordination Division on May 25, 2019, urging staff in all government departments and security forces to take corrective action. “A zero-day vulnerability has been identified in Whatsapp VOIP stacks which allows attackers to install spyware named Pegasus to steal personal information from text messages to call logs and location data.” VOIP is short for Voice Over Internet Protocol. It advised people to immediately update their Whatsapp versions.
TAU is part of the recently formed Cyber and Information Security Division and plays a crucial role in providing a platform for law enforcement personnel, people from private sector, academia and research organizations to collaboratively analyse all pieces of the puzzles in cybercrimes.
TAU produces cybercrime threat intelligence reports and issues alerts on emerging cybercrime threats. It functions in close coordination with the Indian security infrastructure. TAU also works in close coordination with the CERT and is used to raise awareness and initiate defensive cyber operations.
The May 25 alert said: “Whatsapp uses the secure, real-time transport protocol to establish connections between clients and allow for audio and a video call. A buffer overflow vulnerability in the Whatsapp VOIP stack allows remote attackers to execute arbitrary code on the target phones by sending a specially crafted series of Secure Real-time Transport Protocol (SRTCP) packets by merely placing a Whatsapp call, even when the call is not answered.” In addition, the alert also listed the kind of operating software of phones that are particularly vulnerable to Pegasus.
Similarly, the Computer Emergency Response System of India in the May 17 alert had described the “buffer overflow condition error”, the coding flaw in Whatsapp that was exploited to deliver the malware to targets. Like the later alert of TAU, the CERT alert also advised using patches and updating the version of Whatsapp software.
It is not clear whether CERT.IN and TAU had individually detected the Pegasus malware or were only reacting to global reports of the Whatsapp messaging service being compromised. “It was a combination of both. Reports of Whatsapp being compromised were taken note of, which were investigated separately before the alert was issued,” a senior official who did not want to be named said.
“Every software has its own vulnerabilities...hackers exploit these vulnerabilities. The exploitation of such weakness in Whatsapp is one such case,” former Cyber Security Coordinator Gulshan Rai said.