WhatsApp hid vulnerability for 6 months

Indian government only informed on November 14, while U.S. database has an entry from May 14

November 20, 2019 01:09 am | Updated 01:12 am IST - Gautam S. Mengle Mumbai

The recent vulnerability discovered in WhatsApp has once again brought into focus the selective approach the instant messaging app seems to adopt when it comes to its Indian consumers. The Hindu has learnt that WhatsApp knew about the vulnerability six months ago, but only put out an update four days ago.

The vulnerability, which has since been patched, can be exploited by sending a specially crafted MP4 file, which triggers a buffer memory overflow in the app, causing it to crash for a short period of time. This window can be used by those with malicious intent to install malware on the device. The malware can do anything from using the device for a denial-of-service attack to executing remotely controlled code on the device.

The website of the National Vulnerability Database, a repository of vulnerabilities maintained by the U.S. government, shows that the first update about the vulnerability was posted on May 14 and later modified on August 13. However, an update about it was released for Indian users on Facebook only on November 14.

Cyber police officials said this once again brings into focus the selective approach that WhatsApp adopts when it comes to regard for Indian laws and law enforcement agencies.

Indian police agencies have for long lamented the fact that WhatsApp never shares any data with them regarding the source of potentially problematic content shared on it.

In a statement shared with The Hindu on Tuesday, a spokesperson from the app said, “WhatsApp is constantly working to improve the security of our service. We make public, reports on potential issues we have fixed consistent with industry best practices. In this instance there is no reason to believe users were impacted.”

No response to queries

WhatsApp, however, did not respond to The Hindu’s query about it being aware of the vulnerability for six months. It also did not respond to an additional query about what mechanisms were in place to track whether any users are affected by any vulnerability, saying only that “we feel that the statement speaks to your questions.”

When contacted, Special Inspector General of Police Brijesh Singh, Maharashtra Cyber, said, “If WhatsApp follows U.S. rules in the U.S., and they have compulsory reporting standards, they should also inform all Indian citizens who might have been compromised.”
