ISLAMABAD: Pakistan on Friday asked WhatsApp to provide details of its users allegedly targeted by Israeli spyware in the country, and to update it on remedial measures to avoid a recurrence.
The development comes after NSO, an Israeli spyware firm, was sued by WhatsApp / Facebook on Oct. 29 for “violating both the US and California laws as well as the WhatsApp terms of service.”
A special type of malware named Pegasus was reportedly employed between April 28 and May 10 this year, affecting some 1,400 senior government and military officials in 20 countries, including Pakistan.
“Pakistan Telecommunication Authority (PTA) has taken up the matter with the WhatsApp management,” the state-owned telecom regulator said in a statement on Friday.
“PTA intends to get the details of users who were targeted in Pakistan (along with) an update on the remedial measures taken by WhatsApp to prevent the occurrence of such hacking attempts in future.”
The PTA has advised the public to upgrade the app by downloading its latest version, and to keep devices’ operating systems up to date in order to “avoid such incidents.”
Quoting a confidential document, Arab News reported last month that the government had directed senior officials holding “sensitive portfolios and dealing with national security matters” not to share “official/classified information” on “WhatsApp or similar applications” for security reasons.
“The malware (Pegasus) is capable of infecting any mobile phone only by generating a missed call on the targeted WhatsApp number,” Pakistan’s Ministry of Information Technology said in a special advisory issued last month, a copy of which was made available to Arab News.
In order to minimize the possibility of any infections by Pegasus, the ministry also directed government functionaries to immediately replace all mobile phones purchased before May 10, 2019.
Against this backdrop, Pakistan is developing a local instant messaging app — an alternative to WhatsApp — to protect official data and sensitive information from hackers and hostile intelligence agencies.
“We’ve been working to improve our cybersecurity and develop a messaging app like WhatsApp for government officials,” Dr. Arslan Khalid, Prime Minister Imran Khan’s spokesman on digital media, told Arab News.
“This local app will help us protect sensitive government data and other classified information from hostile spying agencies and hackers.”
The app, which is likely to cost about 1.3 billion Pakistani rupees ($8.37 million), will be launched by June 2020.
Officials at WhatsApp told media in October that senior government officials in multiple US-allied countries were targeted earlier this year with a hacking software that used the app to take over users’ phones. Victims were from the US, the UAE, Bahrain, Mexico, Pakistan, India and other nations.
Pakistan is ranked among the top seven countries for inadequate cybersecurity, with 25 percent of its mobile phones and 14.8 percent of computers infected with malware, according to a study conducted by technology site Comparitech.
Digital rights experts have urged the government to publish the list of officials whose WhatsApp accounts were compromised through the malware, for the sake of transparency.
“All public officials who communicate sensitive information (through WhatsApp) should be strictly asked to apply all digital security tools to protect their data and conversations from being hacked,” Nighat Dad, executive director of the Digital Rights Foundation, told Arab News.
She said since WhatsApp is a private company, it is not accountable to any country or government, and might refuse to cooperate with Pakistan.
“Smartphones are surveillance devices and can be hacked through malware to listen to all conversations in real time. It’s also possible to take screenshots of what’s on display and copy all data in the device,” Dad added.
She urged the government to make its “security protocols fool-proof for everyone, especially government functionaries.”
