In a recent advisory, the Indian Computer Emergency Response Team (CERT-In), the nation's cybersecurity agency, has raised concerns about a significant vulnerability affecting WhatsApp users. The agency has flagged a method of attack dubbed "GhostPairing," which exploits the platform's device-linking feature to potentially hijack accounts. This vulnerability could allow malicious actors to gain complete control over a user's WhatsApp account, accessing real-time messages, photos, and videos, particularly through the web version of the application.
The "GhostPairing" attack needs neither a stolen password nor a SIM swap, which makes it a particularly insidious threat. According to CERT-In, the attack begins with a deceptive message, often appearing to come from a trusted contact, urging the recipient to "check this photo". The message contains a link, often with a Facebook-style preview, that leads to a fake Facebook viewer. The victim is then prompted to "verify" their account to view the content.
Here's where the exploit occurs: attackers leverage WhatsApp's "link device via phone number" feature, tricking users into entering their phone numbers on the fake Facebook viewer. Without realizing it, the victim grants the attackers full access to the WhatsApp account, and the attacker's device is linked as a trusted, hidden device. Once linked, the attacker gains almost the same access as the victim has on WhatsApp Web. They can read synced messages, receive new messages in real time, and view photos, videos, and voice notes. Critically, they can also send messages from the compromised account.
CERT-In has classified the attack as "high" severity, emphasizing the potential for widespread impact. The agency is urging users to be cautious of suspicious messages and links, even if they appear to come from known contacts. Users should also be wary of entering their phone numbers or scanning QR codes on unfamiliar websites or applications.
This alert comes amidst increasing concerns about cyber fraud targeting Indian citizens. In related news, Indian agencies have been actively working to combat offshore criminal networks using platforms like WhatsApp to perpetrate scams. Recently, over 17,000 WhatsApp accounts used by Southeast Asia-based cybercriminals were blocked as part of a special initiative to disrupt these networks. These accounts were allegedly involved in trapping Indians through digital arrests and other cyber fraud schemes.
The "GhostPairing" vulnerability highlights the evolving sophistication of cyberattacks and the importance of staying vigilant. As of now, a response from WhatsApp regarding this specific vulnerability is awaited. In the meantime, users are advised to exercise caution and follow CERT-In's recommendations to protect their accounts from being hijacked.
