1. Home
  2. WhatsApp Pay may put Indian digital banking at risk: Experts

WhatsApp Pay may put Indian digital banking at risk: Experts

Agencies
November 8, 2019

After WhatsApp accounts of 121 Indians were compromised by the Israeli spyware Pegasus, experts have warned that the payment feature the Facebook-owned platform is planning to launch in India may put the digital banking system at risk.

"WhatsApp payment needs to be seen with microscopic eye, primarily because in payment you will be dealing with sensitive personal data and cyber security is going to be an essential building block component for WhatsApp to demonstrate its due diligence," Pavan Duggal, one of the nation's top cyber law experts, told IANS.

The Ministry of Electronics and Information Technology (Meity) has already expressed dissatisfaction over the manner WhatsApp communicated about the compromised accounts.

The piece of NSO Group software called Pegasus allegedly exploited WhatsApp's video calling system by installing the spyware via missed calls to snoop on 1,400 users globally. The devices were compromised with just a WhatsApp video call.

In May, WhatsApp, which has 400 million users in India, urged its 1.5 billion global users to upgrade the app after discovering the vulnerability.

"WhatsApp's recent operations have shown that it's difficult for the government to get information from it. WhatsApp is an intermediary under the Information Technology Act and is mandated to exercise due diligence under the law. But it has failed to do due diligence," Duggal said.

"You should not be in a hurry to grant new licences or permission to WhatsApp without being satisfied with its adherence to cyber-security norms, international best practices and Indian laws," he said.

The Facebook-owned company is learnt to have countered the government charge that it didn't inform it about a privacy breach on the messaging platform. WhatsApp didn't even comply with the data breach notification law in India, Duggal said.

"It (WhatsApp) didn't follow reasonable security practices as mandated in Section 43A of the IT Act, 2000. In fact, it abetted the crime of un-authorised access too. Granting WhatsApp pay licence should be given a second thought by the Reserve Bank of India," said Prashant Mali, cyber lawyer at Bombay High Court.

In light of the recent hack, the government, the RBI and the National Payments Corporation of India (NPCI) is reportedly evaluating the risk of allowing social media apps into the digital payment ecosystem.

"With the government, the RBI and the NPCI planning to evaluate the risks involved in making payments via social media apps and services, the security of the UPI payment infrastructure on WhatsApp Pay has been rendered under a cloud of vulnerability," said Salman Waris, Managing Partner at TechLegis Advocates & Solicitors, a law firm.

The RBI revealed in an affidavit in the Supreme Court earlier that WhatsApp had not complied with the data localisation norms. In an April 2018 circular, the RBI stated that the data of any payment banking system have to physically located in India.

"The history of WhatsApp has shown that it's not cooperative with the government in sharing of information. If financial information is compromised, it will not only have an impact on users, but it can also have an impact on the sovereignty and security of India," Duggal said.

The government must go slow till the time WhatsApp demonstrates compliance to Indian law and showed that the platform was secure, he said.

"Because almost every phone user in India is on WhatsApp, it's all the more important for the government and the RBI to ensure that WhatsApp not only complies with the parametres of cyber security and data localisation norms, but also the IT Act and the rules and regulations thereunder.

"If WhatsApp doesn't comply with the data localisation norms, rules and regulations of the IT Act, then there is no question of granting new permission," Duggal said.

In a statement, a WhatsApp spokesperson said that safety and security of users remains the platform's highest priority.

"In May, our security team caught and stopped a cyber attack designed to send malware to mobile devices. Unable to break end-to-end encryption, this kind of malware abuses vulnerabilities within the underlying operating systems that power our mobile phones," the WhatsApp spokesperson said.

"Technology companies are constantly working to stay ahead of these kind of challenges through updates and patches. The safety and security of our users remains our highest priority, which is why in May we blocked the attack and have taken action in the courts to hold NSO accountable," the statement added.

Facebook filed a lawsuit against Israel's NSO Group last month. According to Facebook, the NSO Group violated laws, including the US Computer Fraud and Abuse Act.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
January 19,2020

Mumbai, Jan 19: After Kerala and Punjab, the Maha Vikas Agadi (MVA) government is also mulling over a resolution against the Citizenship (Amendment) Act, 2019 in Maharashtra Assembly.

Speaking to news agency, Congress spokesperson Raju Waghmare said: "Our senior party leader Balasaheb Thorat has also shared his stand on the CAA. Even Chief Minister Uddhav Thackeray has said that we are against the CAA. As far as the resolution against CAA is concerned, our senior leaders of MVA will sit together and decide."

If this happens, then Maharashtra will be the third state to pass a resolution against CAA, which grants citizenship to non-Muslim refugees from Pakistan, Afghanistan, and Bangladesh, who came to India on or before December 31, 2014.

Emphasising that CAA is 'unconstitutional,' senior lawyer and Congress leader Kapil Sibal has said that every state Assembly has the constitutional right to pass a resolution and seek CAA's withdrawal.

He added that it would be problematic to oppose the CAA if the law is declared to be 'constitutional' by the Supreme Court.

"I believe the CAA is unconstitutional. Every State Assembly has the constitutional right to pass a resolution and seek its withdrawal. When and if the law is declared to be constitutional by the Supreme Court then it will be problematic to oppose it. The fight must go on!" Sibal tweeted.

Earlier speaking at the Kerala Literature Festival on Saturday, the Congress leader had said that constitutionally no state can say that it will not implement the amended Citizenship Act, as doing so will be "unconstitutional".

Kerala government has also approached the Supreme Court against the CAA following the passage of a resolution against it in the state Assembly.

Punjab chief minister Amarinder Singh has also announced that the Congress state government is going to join Kerala in the Supreme Court in the case.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
March 7,2020

Srinagar, Mar 7: Two more accused, including a man who allegedly bought chemicals online for making improvised explosive device (IED) to be used in an attack on a convoy of the Central Reserve Police Force (CRPF) in Jammu and Kashmir's Pulwama last year, were arrested by the National Investigation Agency (NIA) on Friday, an official said.

The terror attack left 40 CRPF personnel dead in south Kashmir's Pulwama last year.

Waiz-ul-Islam, 19, from Srinagar and Mohammad Abbass Rather, 32, from Pulwama were arrested by the NIA, taking the number of those arrested in the case in the past week to five.

"During initial interrogation, Islam disclosed that he used his Amazon online shopping account to procure chemicals for making IEDs, batteries and other accessories on the directions of Pakistani Jaish-e-Mohammed (JeM) terrorists," the official said.

He said Islam personally delivered the items to the JeM terrorists after buying them online as a part of the conspiracy to carry out the attack.

"Rather is an old overground worker of the JeM. He has disclosed that he gave shelter at his home to Jaish terrorist and IED expert Mohd Umar after he came to Kashmir in April-May 2018," the official said.

Rather also sheltered other JeM terrorists - suicide bomber Adil Ahmad Dar, Sameer Ahmed Dar and Kamran, a Pakistani -- at his house before the Pulwama attack, the official said.

"He also facilitated safe shelter for the JeM terrorists, including Adil, at the house of accused Tariq Ahmed Shah and his daughter Insha Jan of Hakripora, who were arrested on March 3," the official said.

He said Islam and Rather will be produced before the NIA special court in Jammu on Saturday, while further investigation in the case continues. The NIA took over the case to probe the conspiracy behind the February 14, 2019, attack in Pulwama.

The last video of Adil, which was released by the JeM from Pakistan after the terror attack, was filmed at the home of Tariq Ahmed Shah. On February 28, the NIA achieved a major breakthrough in the case when it arrested 22-year-old Shakir Bashir Magrey, a furniture shop owner and resident of Pulwama.

Magrey had given shelter and other logistical assistance to suicide bomber Adil. He was introduced to Adil in mid-2018 by Pakistani terrorist Mohammad Umar Farooq and he became a full-time OGW of the JeM.

The explosives used in the attack were determined through forensic probe to be ammonium nitrate, nitro-glycerin and RDX. During investigation into the attack, the identity of the suicide bomber to be Adil Ahmad Dar was confirmed through DNA matching with that of his father.

The other key terrorists involved in the attack have been found to be JeM's south Kashmir divisional head Muddasir Ahmad Khan, killed in an operation by the security forces on March 11 last year; Pakistani terrorists Muhammad Umar Farooq and IED expert Kamran, both killed on March 29 last year; the owner of the car Sajjad Ahmad Bhat, a resident of Anantnag who was killed on June 16 last year, and Qari Yassir, JeM's commander for Kashmir who was killed on January 25 this year.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
February 18,2020

Ayodhya, Feb 18: A senior Supreme Court lawyer has written to the Ram temple trust on behalf of a group of Muslims in Ayodhya, asking that five acres of land around the demolished Babri Masjid where a graveyard is situated be spared for the sake of 'sanatan dharma'.

The letter, written by advocate M R Shamshad, is addressed to all 10 trustees of Shri Ram Janmabhoomi Teertha Kshetra.

Shamshad said according to Muslims, there is a graveyard known as 'Ganj Shahidan' around the demolished Babri Masjid where 75 Muslims who lost their lives in the 1885 riots in Ayodhya were buried.

"There is a mention of this in Faizabad Gazetteer also," he said.

"The central government has not considered the issue not using the grave-yard of Muslims for constructing the grand temple of Lord Ram. It has violated 'dharma'," the letter stated.

"In view of religious scriptures of 'sanatan dharma', you need to consider whether the temple of Lord Ram can have foundation on the graves of Muslims? This is a decision that the management of the trust has to take," it said.

"With all humility and respect to Lord Ram, I request you, not to use the land of about four to five acres in which the graves of Muslims are there around the demolished mosque," the letter added.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.