What is 'GhostPairing'? The New Scam That Can Hijack Your WhatsApp Account Without a Password The Bridge Chronicle

GhostPairing enables cybercriminals to gain full access to WhatsApp accounts without requiring passwords or SIM card changes.

Manaswi Panchbhai

The Indian Computer Emergency Response Team (CERT-In) has issued an alert for WhatsApp users in India about a new vulnerability linked to the platform’s ‘device-linking’ feature, which could potentially allow cybercriminals to hijack accounts. This emerging threat, known as 'GhostPairing,' has raised concerns over user security.

The advisory, rated 'high' severity, says the attack starts when the victim receives a message such as “Hi, check this photo” and can end in the complete 'hijacking' of the user's WhatsApp account. CERT-In is the primary technical agency in the country tasked with handling cyber attacks and safeguarding India's digital environment.

‘GhostPairing’

CERT-In has issued a warning about GhostPairing, a technique that allows cybercriminals to completely take over WhatsApp accounts without needing passwords or changing SIM cards. This method takes advantage of WhatsApp's device-linking feature, enabling attackers to control accounts by using pairing codes that bypass proper authentication. When an account is compromised, attackers utilize it to communicate with the victim's contacts.

“In a nutshell, the GhostPairing attack tricks users into granting an attacker’s browser access as an additional trusted and hidden device by using a pairing code that looks authentic,” the agency said in the advisory.

The 'GhostPairing' scam begins with a message from a trusted contact containing a link that leads to a fake Facebook viewer. Victims are asked to verify their identity, and in doing so, unknowingly provide their phone numbers. Attackers then exploit WhatsApp’s “link device via phone number” feature, gaining full access to the victim’s WhatsApp account without stealing a password or performing a SIM swap.

How the hijacking works:

  • Victim clicks a link in a message from a trusted contact.

  • Link leads to a fake Facebook viewer asking for verification.

  • Attackers gain access to WhatsApp by exploiting the “link device via phone number” feature.

  • No password theft or SIM swap is involved.

What Attackers Can Do After Hijacking a WhatsApp Account

Once attackers successfully link their device, they gain access to the victim's WhatsApp account, similar to using WhatsApp Web. This includes the ability to:

  • Read all synced messages

  • Receive new messages in real-time

  • View photos, videos, and voice notes

  • Send messages from the victim’s account

  • Access both personal and group chats

How to Stay Safe?

To safeguard your WhatsApp account from the GhostPairing scam, follow these precautionary steps:

  • Do not click on suspicious links, even if they appear to come from known contacts.

  • Never enter your phone number on external websites, especially those claiming to be linked to WhatsApp or Facebook.

  • Regularly review the Linked Devices section in WhatsApp settings to identify any unauthorized devices.

  • If you spot an unfamiliar device, log out immediately to secure your account.
