CERT-In flags ‘ghostpairing’ threat targeting WhatsApp users

India’s cyber security watchdog has issued a fresh warning after detecting a dangerous method being used to compromise WhatsApp accounts.

The Indian Computer Emergency Response Team (CERT-In) has cautioned that hackers are exploiting WhatsApp’s multi-device feature to gain unauthorised access, potentially allowing complete control over user accounts.

According to an advisory accessed by PTI, attackers are misusing the platform’s device-linking option, which lets WhatsApp run on multiple devices, such as browsers and desktops.

By abusing this feature, cyber criminals can secretly attach their own device to a victim’s account.

The vulnerability, known as GhostPairing, places private messages, photos, videos, and group chats at serious risk, particularly through WhatsApp Web.

CERT-In noted that hackers are using manipulated pairing codes that bypass normal verification checks. In several cases, attackers do not need passwords or SIM card swaps to hijack accounts.

The advisory warned that this technique enables criminals to take full control of WhatsApp profiles without alerting users.

CERT-In functions under the Ministry of Electronics and Information Technology and is responsible for protecting India’s digital ecosystem. It regularly issues alerts to counter cyber threats affecting individuals and organisations nationwide.

GhostPairing is a relatively new attack technique that takes advantage of user trust. Hackers trick victims into unknowingly approving a malicious device as a trusted one.

Once linked, the attacker’s device remains hidden, giving them continuous access to the WhatsApp account without the user’s knowledge. This allows criminals to read chats and impersonate users while messaging their contacts.

CERT-In explained that such attacks often begin with seemingly harmless messages. Victims may receive texts like “Hi, check this photo” from known contacts.

The link included opens a fake website resembling Facebook, prompting users to “verify” themselves. During this process, victims are misled into entering their phone numbers, unknowingly authorising device linking.

Once the hacker’s device is connected, it functions like WhatsApp Web.

Attackers can read synced messages, receive new chats in real time, view media files, send messages, and access both private and group conversations.

Since the linked device remains unnoticed, users may stay unaware of the breach for a long time.

CERT-In has urged users to stay alert, avoid suspicious links, and regularly check linked devices within WhatsApp settings to prevent unauthorised access.

Image from Pxhere (Free for commercial use / CC0 Public Domain)

Image Published on February 26, 2017

Image Reference: https://pxhere.com/en/photo/864864