Govt warning on WhatsApp ‘GhostPairing’

The Indian Computer Emergency Response Team (CERT-In) has issued an advisory on a vulnerability in the WhatsApp “device-linking” feature that enables attackers to take “complete” control of an account, including access to real-time messages, photos, and videos on the web version.

Known as ‘GhostPairing’, the CERT-In issued an advisory, terming it a ‘high’ severity rating, which enables cybercriminals to take complete control of WhatsApp accounts without needing passwords or SIM swaps. It has been reported that malicious actors are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes without an authentication requirement.

The advisory further read, “The campaign usually begins with victims receiving a message, such as “Hi, check this photo”, from a trusted contact. The message contains a link with a Facebook-style preview. The link leads to a fake Facebook viewer that prompts users to “verify” to see the content.

Here the attackers exploit WhatsApp’s “link device via phone number” feature by tricking unsuspecting users to enter their phone number”.

The CERT-In is the national technology arm to combat cyber-attacks and guard the Indian Internet space.In a nutshell, the ‘GhostPairing’ attack tricks users into granting an attacker’s browser access, as an additional trusted and hidden device, by using a pairing code that looks authentic.”

The advisory said that the “high” severity attack campaign usually begins with the victim receiving a message like “Hi, check this photo” from a “trusted” contact.

The message contains a link with a Facebook-style preview. The link leads to a “fake” Facebook viewer that prompts users to “verify” to see the content. Here, the attackers exploit WhatsApp’s “link device via phone number” feature by tricking unsuspecting users into entering their phone numbers, the advisory said.

This way, the victims “unknowingly” grant the attackers full access to their WhatsApp accounts.

The advisory said that once the attacker links their device, they get almost the same access as the victim would get on WhatsApp web. They can read messages that sync to their device, receive new messages in real-time, view photos, videos and voice notes, and they can send messages to the victim’s contacts and group chats, the advisory said.

It suggested such counter-measures as not clicking suspicious links even if they come from known contacts and not entering one’s phone number on external sites claiming to be WhatsApp or Facebook.

In another advisory, the CERT-In has highlighted that multiple vulnerabilities exist in the Google Chrome for desktop due to out-of-bounds read and write in V8 and use-after-free in WebGPU.

be alert

Once the attacker links their device, they get almost the same access as the victim would get on WhatsApp web. They can read messages that sync to their device, receive new messages in real-time, view photos, videos and voice notes, and they can send messages to the victim’s contacts and group chats, the advisory said