TAU informs about the privacy threats of WhatsApp since May 2019
Threat Analytical Unit (TAU) of the Indian Cyber Crime Coordination Division on May 25, 2019, urged staff in all government departments and security forces to take corrective action. “A zero-day vulnerability has been identified in WhatsApp VOIP stacks which allows attackers to install spyware named Pegasus to steal personal information from text messages to call logs and location data.” VOIP is short for Voice Over Internet Protocol. It advised people to immediately update their WhatsApp versions to maintain their privacy intact.
TAU is part of the recently formed Cyber and Information Security Division and plays a crucial role in providing a platform for law enforcement personnel, people from the private sector, academia and research organizations to work collaboratively to analyse all pieces of the puzzles in cybercrimes.
TAU produces cybercrime threat intelligence reports and issues alerts on emerging cybercrime threats. It functions in close coordination with the Indian security infrastructure. TAU also works in close coordination with the Computer Emergency Response Team and is used to raise awareness and initiate defensive cyber operations to counter possible cyber threats.
The May 25 alert said: “WhatsApp uses the secure, real-time transport protocol to establish connections between clients and allow for audio and a video call. A buffer overflow vulnerability in the WhatsApp VOIP stack allows remote attackers to execute arbitrary code on the target phones by sending a specially crafted series of Secure Real-Time Transport Protocol (SRTCP) packets by merely placing a WhatsApp call, even when the call is not answered.’
The Computer Emergency Response System of India in the May 17 alert had described the “buffer overflow condition error,” – the coding flaw in WhatsApp that was exploited to deliver the malware to the targets. Like the later alert of TAU, the CERT alert also advised using patches and updating the version of WhatsApp software for ensuring the privacy of its users.
A week prior to the alert, there had been reports in the media about WhatsApp being compromised. The privacy alert issued by DG CERT also linked the alert to media reports of WhatsApp being compromised.
“It was a combination of both. Reports of WhatsApp being compromised were taken note of ,which were investigated separately before the alert was issued,” a senior official who did not want to be named said and added, “the modus operandi is a globally accepted protocol and practice.”
“Every software has its own vulnerabilities. With innovation taking places in computer technology, hackers exploit these vulnerabilities. The exploitation of such weakness in WhatsApp is one such case. One cannot say for sure that WhatsApp or for that matter any software is completely secure,” former Cyber Security Coordinator Gulshan Rai said.
