WhatsApp spyware hack raises security concerns around its upcoming payments service

WhatsApp spyware hack raises security concerns around its upcoming payments service
Zuckerberg announcing WhatsApp Payments during F8 2019. Source: Screenshot of livestream

  • Last week Facebook CEO Mark Zuckerberg said he was ‘optimistic’ that WhatsApp’s payments feature would launch in India soon.
  • The launch of WhatsApp Payments might be hampered as the Indian government raises security concerns after NSO Group’s spyware attack.
  • The RBI and NPCI have been asked to consider whether social networking platforms should be allowed to conduct financial transactions in the first place.
Mark Zuckerberg was ‘optimistic’ that WhatsApp Payments will be launching in India soon during the company’s earnings call last week. Now there's a new hurdle that the company has to overcome before it can roll out its payments platform — security concerns around the WhatsApp after the recent spyware attack.

The Indian government is reportedly in talks with the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI) to gauge whether it’s a wise decision to allow social networking platforms to conduct financial transactions, according to ET.

WhatsApp has been testing financial transactions on its app for over a year in India in beta mode but only among a million users, as per regulations. A full roll out of the feature would bring the messaging service’s 400 million users onboard WhatsApp Payments. And, it would go head to head against Google Pay, PhonePe and Paytm.

WhatsApp is yet to gain full approval of its payments platform from necessary authorities and additional security concerns will only hamper the process.

WhatsApp’s vulnerability

The recent spyware attack that reportedly encroached on the privacy of 1,400 users worldwide and 21 Indian users. Two dozen of them were journalists and activists. The hack was allegedly carried out by a Israeli security firm — the NSO Group.

Facebook is in the process of suing NSO for using their flagship software, Pegasus, to install spyware on user’s phones in order to obtain remote control. Pegasus can reportedly give the malware’s owner full control of a phone — including using the microphone and cameras to conduct surveillance.

According to WhatsApp, it alerted the government to spyware breaching Indian user security twice — once in May and then again in September. But the IT Ministry has responded saying that the details shared by the messaging mobile app were in inadequate and incomplete.

New regulations are coming

India’s Supreme Court directed the central government to form its rules and regulations to govern social media platforms by January 2020. This will bring more clarity around the obligations of WhatsApp and other mobile apps.

It light of recent events, it’s possible that these new regulations will include whether or not social networking platforms are allowed to launch their own payments platform.

The new guidelines will also determine whether messaging apps are obligated to reveal to origins of messages. WhatsApp maintains that it would be impossible to do so because of end-to-end encryption that doesn’t let anyone read the content of messages except the involved users. According to the company, breaking that encryption would compromise the guarantee of user privacy.

See also:
WhatsApp Payments battling Paytm, Google Pay and PhonePe for India's $1 trillion opportunity by end of year
Here’s why Facebook is suing the NSO Group over the WhatsApp hack
Jeff Bezos’ intimate messages, data from drug cartels, Jamal Kashoggi — the many things Pegasus is suspected of hacking before WhatsApp