- The Indian cyber security agency CERT-In has raised an alarm about a vulnerability in WhatsApp’s “device-linking” feature, which could allow attackers to gain “complete” control over an account.
- This includes access to real-time messages, photos, and videos on the web version of the app.
- On Friday, the agency referred to this issue as “GhostPairing” in an advisory that was shared with PTI.
- According to reports, malicious actors are taking advantage of WhatsApp’s device-linking feature to hijack accounts using pairing codes, with no authentication required.
- “This newly discovered cyber campaign, dubbed GhostPairing, enables cyber criminals to seize full control of WhatsApp accounts without requiring passwords or SIM swaps,” the advisory explained.
We’re still waiting for a response from WhatsApp regarding this revelation.
CERT-In, the Indian computer emergency response team, serves as the national technology body dedicated to combating cyber attacks and protecting the Indian Internet landscape.
The advisory noted that this “high” severity attack typically starts with the victim receiving a message like “Hi, check this photo” from someone they trust.
This message includes a link that has a Facebook-style preview. Clicking on it leads to a “fake” Facebook viewer that prompts users to “verify” their identity to view the content. Here, attackers exploit WhatsApp’s “link device via phone number” feature, tricking unsuspecting users into entering their phone numbers, as mentioned in the advisory.
In doing so, victims “unknowingly” give attackers full access to their WhatsApp accounts.
The ‘GhostPairing’ attack deceives users into allowing an attacker’s browser to access their account as an additional trusted and hidden device, using a pairing code that appears legitimate.
The advisory stated that once the attacker links their device, they gain nearly the same access as the victim would have on WhatsApp web.
They can read messages that sync to their device, receive new messages in real-time, view photos, videos, and voice notes, and even send messages to the victim’s contacts and group chats, according to the advisory.
The agency recommended some smart counter-measures, like avoiding clicking on any suspicious links—even if they seem to come from people you know—and steering clear of entering your phone number on any external sites that claim to be WhatsApp or Facebook.

