Google has removed the android app SmeshApp from the Google play store after CNN-IBN published a report on how Pakistani spy agencies used it to snoop on Indian Army.
It is reported that the app was used to get tactical as well as personal information of the army personnel. Almost 200 top officers were targeted through the spyware. The report said that fake facebook profiles were used to honeytrap the officers. First officers were sent the friend request through the fake profiles and then they chatted with them. Then they were prompted to download the SmeshApp.
The app was a spyware in the disguise of a calling and chat app. Once installed on the phone it collected data from the phone and sent it to the server situated in Germany. The service was hosted by a man based out Karachi named Sajid Rana. The information was tracked down by IBN using the Whois service which gives out information of the server based on the URL.
India's communication minister Ravi Shankar Prasad told in an interview, "I will get my officers to check how the spying was done through the app and what were the gaps in the security measures. We will take a follow-up action once we get the details". He added that "Tech companies like Google have to be alive to India's security concerns".
It is interesting that Google earlier used to scan apps through an automated program but recently the play store started manually reviewing apps last year to avoid low quality or spyware apps. And screenshots suggest that SmeshApp was released somewhere around last year.
The history is Pakistani hackers attacking Indian websites or services is not new. Back in 2010 CBI website was attacked, in 2015 Kerala government website, In 2014 Indian Revenue services website were hacked. Last year 'Pakistani Cyber Army' even took down 22 goverment portals in a hack. In the most recent attack they defaced the AIIMS Raipur website.
Government is issuing new advisories of the use of the social media to the Army. They have forbidden the use of chat apps such as WeChat and Lime. Apart from that they have told the officers not to reveal designation or posting location on the social media, not to put profile pictures with uniform or any military background and not to accept friend requests from unknown people. The growing attacks through the technology suggests that Indian government needs to tighten the security on the cyber front.