After WhatsApp accounts of 121 Indians were compromised by the Israeli spyware Pegasus, experts have warned that the payment feature the Facebook-owned platform is planning to launch in India may put the digital banking system at risk.
“WhatsApp payment needs to be seen with microscopic eye, primarily because in payment you will be dealing with sensitive personal data and cyber security is going to be an essential building block component for WhatsApp to demonstrate its due diligence,” Pavan Duggal, one of the nation`s top cyber law experts, told IANS.
The Ministry of Electronics and Information Technology (Meity) has already expressed dissatisfaction over the manner WhatsApp communicated about the compromised accounts.
The piece of NSO Group software called Pegasus allegedly exploited WhatsApp`s video calling system by installing the spyware via missed calls to snoop on 1,400 users globally. The devices were compromised with just a WhatsApp video call.
In May, WhatsApp, which has 400 million users in India, urged its 1.5 billion global users to upgrade the app after discovering the vulnerability.
“WhatsApp`s recent operations have shown that it`s difficult for the government to get information from it. WhatsApp is an intermediary under the Information Technology Act and is mandated to exercise due diligence under the law. But it has failed to do due diligence,” Duggal said.
“You should not be in a hurry to grant new licences or permission to WhatsApp without being satisfied with its adherence to cyber-security norms, international best practices and Indian laws,” he said.