The Cabinet Division has reportedly directed the senior government and military officials to immediately replace their cell phones purchased before May 10, 2019, due to fears of data being stolen by foreign spy companies.
These instructions have been issued by the Secretary Cabinet to all concerned Ministries and Departments for strict compliance.
According to the letter sent by Secretary Cabinet, it has been reported that hostile intelligence agencies have developed technical capabilities and means to gain access to sensitive information stored in mobile phones of officials of government departments/ institutions and Ministries.
These spyware companies are using hacking software/applications such as “chat line” and “Pegasus” malware on WhatsApp of target mobile phones (iOS and Android) to gain access to sensitive information stored on them. The malware is capable to infect any mobile phone (iOS and Android) by generating missed calls on target WhatsApp numbers.
This “Pegasus” malware has infected approximately 1400 senior government and military officials in 20 countries including Pakistan. Hostile spyware companies such as Israel based NSO Group have been sued by WhatsApp/ Facebook in the US court of San Francisco for “violating both US and California law as well as WhatsApp terms of service,”
Although advisory on this issue has also been issued to all government departments/ Ministries by NTISB, Cabinet Division, in order to minimize the possibility of any infection by Pegasus malware, senior government officials holding sensitive portfolios/dealing with national security matters have been advised to consider following:
- No official/classified information be shared on WhatsApp or similar applications.
- WhatsApp should be updated to the latest version (version 2.19.112 for iOS and 2.19.308 for Android as of November 4, 2019).
- All mobile phones purchased prior to May 10, 2019, be immediately replaced.
A couple of months ago, the National Telecom & Information Technology Board (NTITB), Ministry of Information Technology had revealed that potential and intended threats to cybersecurity exist which pose a concern for national security.
The Ministry had proposed that smartphones are strictly forbidden in official meetings especially involving discussions on sensitive matters affecting security and no classified information be shared on WhatsApp or similar application is highly insecure.
The Ministry had further stated that the passage of sensitive/classified information via insecure email, plain fax, and any other insecure means should be discouraged.
CCTV networks installed at the sensitive locations should not be connected either on the internet or on cloud-based service. Their networks must remain standalone and isolated. Any ICT equipment/solution, especially of foreign origin/OEM for potential use in offices must be cleared from NITB.
Special care is exercised with respect to communication on smartphones near foreign missions compounds (cellular network be used), use of wifi hotspot, small TV devices, FTTH/ smart cable TV, NW printers/scanners and vehicles equipped with datacomm devices/onboard smart devices.
It was also directed that regular electronic sweeping of offices, residences, meeting/conference rooms against possible bugs should be ensured. Screening of gifts/souvenirs presented by visiting dignitaries be undertaken to rule out the presence of any bug. No official gift be placed in sensitive places without due clearance of the screening process.