Data hacking fear: Senior officials asked to replace cell phones

The Cabinet Division has reportedly directed senior government and military officials to immediately replace their cell phones purchased before May 10, 2019, due to fear of data hacking by foreign spy companies.

These instructions have been issued by the Secretary Cabinet, Maroof Afzal to all concerned Ministries and Departments for strict compliance. According to a letter sent by Secretary Cabinet, it has been reported that hostile intelligence agencies have developed technical capabilities and means to gain access to sensitive information stored in mobile phones of officials of government departments/institutions and Ministries.

These spyware companies are using hacking software/applications such as "chat line" and "Pegasus" malware on WhatsApp account of target mobile phones (iOS and Android) to gain access to sensitive information stored on mobile phones. The malware is capable to infect any mobile phone (iOS and Android) by generating missed calls on target WhatsApp numbers.

This "Pegasus" malware has infected approximately 1400 senior government and military officials in 20 countries including Pakistan. Hostile spyware companies such as Israel based NSO Group have been sued by WhatsApp/Facebook in the US court of San Francisco for "violating both US and California law as well as WhatsApp terms of service,"

"Although advisory on this issue has also been issued to all government departments/ Ministries by NTISB, Cabinet Division, however, in order to minimize the possibility of any infection by Pegasus malware, senior government officials holding sensitive portfolios/ dealing with national security matters have been advised to consider following: (i) no official/ classified information be shared on WhatsApp or similar application being highly insecure; (ii) WhatsApp be upgraded to latest version ( version 2.19.112 for iOS and 2.19.308 for android as of November 4, 2019; and (iii) all mobile phones purchased prior to May 10, 2019 be immediately replaced.

A couple of months ago, National Telecom & Information Technology Board (NTITB), Ministry of Information Technology had revealed that potential and intended threats to cyber security exist which pose a concern for national security.

The Ministry had proposed that smart phone be strictly forbidden in official meetings especially involving discussions on sensitive matters affecting security and no classified information be shared on WhatsApp or similar application being highly insecure.

The Ministry had further stated that passage of sensitive/classified information via insecure email, plain fax and any other insecure means should be discouraged.

CCTV networks installed at the sensitive locations should not be connected either on internet or on cloud based service. Their networks must remain standalone and isolated. Any ICT equipment/solution specially of foreign origin/OEM for potential use in offices must be cleared from NITB. Special care be exercised with respect to communication on smart phones near foreign missions compounds (cellular network be used), use of wifi hot spot, small TV devices, FTTH/ smart cable TV, NW printers/ scanners and vehicles equipped with datacomm devices/onboard smart devices.

It was also directed that regular electronic sweeping of offices, residences, meeting/conference rooms against possible bugs should be ensured. Screening of gifts/souvenirs presented by visiting dignitaries be undertaken to rule out presence of any bug. No official gift be placed in sensitive places without due clearance of screening process.