Indian agency flags WhatsApp ‘hijack’ threat

It has been reported that malicious actors are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes without authentication requirement: Advisory

Indian cybersecurity agency, CERT-In, has flagged a vulnerability in the WhatsApp “device-linking” feature that enables attackers to take “complete” control of an account, including access to real-time messages, photos, and videos on the web version. The agency named the issue “GhostPairing” on Friday in an advisory that has been accessed by PTI.

“It has been reported that malicious actors are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes without authentication requirement. This newly identified cyber campaign called ‘GhostPairing’ enables cybercriminals to take complete control of WhatsApp accounts without needing password or SIM swaps,” the advisory said.

A response from WhatsApp to the revelation is awaited.

According to the advisory, the “high” severity attack usually begins with the victim receiving a message like “Hi, check this photo” from a “trusted” contact. The message contains a link with a Facebook-style preview, which leads to a “fake” Facebook viewer that prompts users to “verify” to see the content. Here, the attackers exploit WhatsApp’s “link device via phone number” feature by tricking unsuspecting users into entering their phone numbers, the advisory said.
