India's cyber agency issues high severity security warning for WhatsApp users

India’s cyber security agency CERT-In has issued a warning to the users of the popular instant..

India’s cyber security agency CERT-In has issued a warning to the users of the popular instant messaging app WhatsApp, about certain vulnerabilities. These vulnerabilities could lead to a breach of sensitive information of WhatsApp users. WhatsApp is having a terrible month—and it’s not getting any better. Not only did an account suspension hack make headlines around the world, but other serious flaws have also just been reported. This should serve as a warning for WhatsApp’s 2 billion users to be wary of how they use the app.

The CERT-In is the nodal agency to deal with cyber security threats like hacking and phishing. It strengthens security-related defense of the Indian Internet domain.

A “high” severity rating advisory was issued by the CERT-In or the Indian Computer Emergency Response Team. It said that the vulnerability has been detected in software that has “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.” The CERT-In is the national technology arm to combat cyber attacks and guard the Indian cyber space.

"Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system," the advisory issued on Saturday said.

Describing the risk in detail, it said that these vulnerabilities "exist in WhatsApp applications due to a cache configuration issue and missing bounds check within the audio decoding pipeline."

"Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system," it said.

This development comes amidst the massive backlash over allegations that it shares its users’ information with its parent company—Facebook. WhatsApp’s latest privacy policy, how the app collects and handles user information, had drawn massive criticism in India for the same with critics claiming that the instant messaging platform was biased against Indian users. The government requested the Delhi high court to restrain WhatsApp from implementing its controversial privacy policy update, contending that the new policy fails to comply with local user privacy and data protection rules. It also told the court that the policy fails to provide users with the option to review or amend their personal information.

After facing intense scrutiny in India over its upcoming privacy update, consumer protection agencies in Brazil have now asked the government to act on the May 15 privacy update that will allow Facebook to aggregate users’ data across all of its platforms. Consumer rights non-profit organization Idec has notified Brazil’s National Data Protection Authority, the National Consumer Secretariat and the Federal Prosecution Service, among others, with a request for joint action against the privacy policy.

WhatsApp is at something of a pivot point. Next month, its new terms of service come into effect, enabling Facebook to increase its monetization of the platform. This prompted the backlash in January, and will no doubt see more of the same next month, when account restrictions become effective. Meanwhile, there are legal challenges for WhatsApp and its parent Facebook to contend with. The lack of backup encryption—which is reportedly being fixed—is one major feature gap for WhatsApp, as is the lack of multi-device options, also reportedly being addressed.

One of Germany’s toughest data regulators is also seeking an administrative order that would stop Facebook Inc. from collecting user data from its WhatsApp unit. The regulator in the city of Hamburg is seeking an “immediately enforceable order” before May 15 over concerns that policy changes could lead to the use of such data for wider marketing and advertising purposes.

 WhatsApp should be applauded for expanding the use of end-to-end encryption to billions of users around the world. But what happens in the next few months is very critical. For the first time, it has genuine competition—Signal is every bit as good to use, albeit much smaller, and Telegram has scale, albeit key security weaknesses. But the network effect around these other apps is now creating real alternatives.

Coming back to the CERT-In warning, advisory had stated that WhatsApp users should update to the latest version of the app from the Google Play Store or iOS App Store in order to counter this vulnerability threat.

About us

In the age of print and electronic media, the veracity of news need a bias-free enterprise/ initiation. Tedious news bytes no longer accrue the common people’s attention. With an objective to delineate the inside news from global corners, “BARTALIPI DIGITAL” has entered the ground of digital journalism. The title blend itself is self-explanatory of its target and aim. Features, newsflash all synced in one platform thereby, gives a promising aura to the netizens of Barak valley. BARTALIPI DIGITAL hence, vows to meet the digital balance which will mark it off as a news organization in the era of digital evolution..

Follow Us