New Delhi: The Indian cybersecurity agency, CERT-In, has issued an alert for WhatsApp users regarding a new hacking threat that manipulates the app’s device-linking functionality. This attack, known as ‘Ghost Pairing’, allows cybercriminals to take full control of a user’s WhatsApp account without needing passwords or SIM swaps, enabling them to read messages, view media, and send messages to contacts without the victim’s awareness.
Understanding Ghost Pairing
CERT-In has classified this as a serious threat. The attack leverages WhatsApp’s “Link Device via Phone Number” feature. It typically begins when a user receives a message from a familiar contact, saying something like “Hi, check this photo,” often containing a link with a Facebook-like preview.
How the Attack Unfolds
When the user clicks on the link, they are redirected to a counterfeit Facebook viewer page, which prompts them to verify their identity by entering their phone number. Once the number is submitted, the hacker’s device gets linked to the user’s WhatsApp account. The attacker can then use the pairing code, allowing them to access the account as if they were using WhatsApp Web.
What Hackers Gain Access To
After the device is linked, the attackers have the ability to:
- Read both old and real-time messages
- Access photos, videos, and voice recordings
- Send messages to contacts and group chats
This all occurs discreetly, often without the user’s knowledge. CERT-In has stressed that victims inadvertently grant attackers complete access to their accounts.
CERT-In’s Advisory Communication
The agency’s advisory pointed out that malicious actors exploit WhatsApp’s device-linking feature to hijack accounts using pairing codes without any authentication. This Ghost Pairing attack allows cybercriminals to gain control without needing passwords or swapping SIM cards. Initially detected in the Czech Republic, the reach of this threat has now expanded, facilitating a wide range of attacks using compromised accounts. As of now, WhatsApp has not publicly addressed these developments.
Steps to Avert the Threat
CERT-In has outlined several precautionary measures users can take:
- Refrain from clicking on suspicious links, even if they appear to be from known contacts
- Do not input your phone number on unverified external websites claiming to be affiliated with WhatsApp or Facebook
- Regularly check the “Linked Devices” section in your app and log out of any unknown devices
- Activate two-step verification in WhatsApp to enhance your security
- If you suspect your account has been compromised, report the incident to your local cybercrime cell and contact WhatsApp support via email
Importance of User Vigilance
Experts warn that the Ghost Pairing campaign poses a risk of rapid spread, as compromised accounts can serve as a gateway to target additional victims. Users are encouraged to remain alert, exercise caution with unexpected links, and ensure that official app updates are promptly installed.
