New Delhi: The Indian cybersecurity agency, CERT-In, has issued a warning to WhatsApp users about a new account hacking campaign exploiting the app’s device-linking feature. The attack, dubbed ‘Ghost Pairing’, allows cybercriminals to gain complete control over a user’s WhatsApp account without requiring passwords or SIM swaps. They can read messages in real time, view photos and videos, and even send messages to contacts and groups — all without the victim’s knowledge.
How Ghost Pairing Works
According to CERT-In, this is a high-severity attack. Hackers take advantage of WhatsApp’s “Link Device via Phone Number” feature. The attack begins when a user receives a message from a seemingly known contact, often reading “Hi, check this photo,” containing a link with a Facebook-style preview.
Clicking the link opens a fake Facebook viewer page, prompting the user for verification, typically asking for the phone number. Once the number is entered, the hacker’s device gets linked to the user’s WhatsApp account. Using the pairing code, the hacker can access the account as a hidden device, effectively gaining the same privileges as WhatsApp Web.
What Hackers Can Access
Once the device is linked, attackers can:
- Read old messages and receive new ones in real time
- Access photos, videos, and voice notes
- Send messages to contacts and groups
All of this occurs silently in the background, leaving the user unaware. CERT-In emphasised that victims unknowingly grant full account access to attackers.
CERT-In Advisory
The advisory highlighted that malicious actors exploit WhatsApp’s device-linking feature to hack accounts using pairing codes without authentication. This new Ghost Pairing campaign enables cybercriminals to seize complete control without passwords or a SIM swap. While the campaign was first observed in the Czech Republic, compromised accounts can now be leveraged to spread it globally. WhatsApp has yet to officially respond to this threat.
How to Protect Yourself
CERT-In recommends the following precautions:
- Avoid clicking suspicious links, even from known contacts
- Do not enter phone numbers on external sites claiming to be WhatsApp or Facebook
- Regularly check the “Linked Devices” section in the app and log out of unknown devices
- Enable two-step verification in WhatsApp for additional security
- In case of a hack, immediately report the incident to the cybercrime cell and email WhatsApp support
Users Must Stay Alert
Experts warn that the Ghost Pairing campaign could spread rapidly, as compromised accounts are used to target new victims. Users are advised to remain vigilant, avoid suspicious links, and promptly install official app updates.