What is ‘GhostPairing’, new scam that can ‘hijack’ WhatsApp account without password?
GhostPairing enables cybercriminals to gain full access to WhatsApp accounts without requiring passwords or SIM card changes.
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory for Indian WhatsApp users, warning them about a new “device-linking” feature on the social media platform that could allow attackers to ‘hijack’ accounts. It said the newly identified cyber campaign is called ‘GhostPairing’.
The advisory, which carries a ‘high’ severity rating, said the attack begins when the victim receives a message such as “Hi, check this photo”, which can lead to the full ‘hijacking’ of the user’s WhatsApp account. Notably, CERT-In is the country’s key technical body responsible for dealing with cyber attacks and protecting India’s online space.
What is ‘GhostPairing’?
According to CERT-In’s warning, GhostPairing enables cybercriminals to gain full access to WhatsApp accounts without requiring passwords or SIM card changes.
The method exploits WhatsApp’s device-linking feature, allowing attackers to take over accounts by using pairing codes that do not require proper authentication.
Once an account is ‘hijacked’, attackers use it to send messages to the victim’s contacts.
“In a nutshell, the GhostPairing attack tricks users into granting an attacker’s browser access as an additional trusted and hidden device by using a pairing code that looks authentic,” the agency said in the advisory.
How does the ‘hijacking’ work?
The attack begins with a “Hi, check this photo” message sent by a contact that appears trustworthy. The message includes a link that displays a Facebook-style preview.
When clicked, the link opens a fake Facebook viewer asking users to “verify” their identity to view the content. At this stage, attackers misuse WhatsApp’s “link device via phone number” feature by misleading users into entering their phone numbers.
By completing a short and seemingly harmless set of steps, victims unknowingly grant attackers complete access to their WhatsApp accounts. This happens without any password being stolen or any SIM swap, the advisory said.
What can attackers access after ‘hijacking’?
Once an attacker links their device, they gain access similar to WhatsApp Web:
- They can read messages that are synced to their device
- They receive new messages in real-time
- They can view photos, videos, and voice notes
- They can send messages from the victim’s account
- They can access personal chats and group conversations
What should you do?
The advisory suggests several steps to reduce the risk of account compromise or takeovers:
- Do not click on suspicious links, even if they appear to come from known contacts.
- Never enter your phone number on external websites claiming to be linked to WhatsApp or Facebook.
- Regularly check Linked Devices on WhatsApp. Open WhatsApp and go to Settings > Linked Devices. If you notice any device you do not recognise, log out of it immediately.
For organisations:
- Offer security awareness training focused on attacks targeting messaging apps.
- Implement mobile device management where relevant.
- Watch for signs of phishing and social engineering attempts.
- Incident response protocols should be put in place for quick detection and resolution.
ABOUT THE AUTHORHT News DeskFollow the latest breaking news, major developments and agenda-setting stories from India and around the world with the newsdesk at Hindustan Times. Operating round the clock, the desk brings together experienced editors, reporters and correspondents to deliver fast, accurate and contextual reporting across subjects that influence public policy, governance, business, society and international affairs. The HT News Desk covers politics, elections, government policies, the economy, business and markets, science and technology, the environment, law and order, infrastructure, education, climate issues and geopolitics, while closely tracking developments across states, institutions and global capitals. The team also leads coverage of major breaking news events, policy announcements, court proceedings, natural disasters, public emergencies and significant international developments. Reports published by the newsdesk are based on information gathered from reporters on the ground, official statements, government agencies, court records, regulatory filings, recognised institutions and other authoritative sources. Stories undergo editorial scrutiny and verification processes to ensure accuracy, fairness and relevance, and are updated as events evolve and additional information becomes available. Whether covering a key political decision in New Delhi, an economic policy shift affecting millions, a landmark court ruling or a major global event, the HT News Desk aims to provide readers with reliable, fact-based journalism that delivers not only the latest developments but also the context and analysis needed to understand their wider implications.Read More

E-Paper


