Can someone 'hijack' your WhatsApp? Govt cyber agency flags GhostPairing issue! Should users worry? EXPLAINED

WhatsApp Security Issues 2025: With messaging platforms becoming deeply embedded in daily communication, cybercriminals are increasingly shifting focus towards exploiting trust rather than technology alone. Popular apps used for personal chats, professional coordination and information sharing have emerged as lucrative targets, especially as users rely on them for sensitive conversations and media exchange. Security experts have repeatedly warned that even widely used platforms are not immune to sophisticated attack methods that operate quietly in the background, often without triggering immediate suspicion.

In a fresh alert, India’s national cyber security agency has drawn attention to a newly observed threat affecting a widely used messaging service, flagging concerns over unauthorised account access and potential misuse of personal data.

What is the WhatsApp ‘ GhostPairing’ vulnerability?

Indian cyber security agency CERT-In has flagged a vulnerability in the WhatsApp "device-linking" feature that enables attackers to take "complete" control of an account, including access to real-time messages, photos, and videos on the web version.

The agency named the issue "GhostPairing" on Friday in an advisory that has been accessed by news agency PTI.

How attackers can hijack accounts without passwords or SIM swaps

"It has been reported that malicious actors are exploiting WhatsApp's device-linking feature to hijack accounts using pairing codes without authentication requirement.

"This newly identified cyber campaign called GhostPairing enable cyber criminals to take complete control of WhatsApp accounts without needing password or SIM swaps," PTI quoted the advisory as stating.

A response from WhatsApp to the revelation is awaited.

What is CERT-In and why the advisory matters

The Indian computer emergency response team (CERT-In) is the national technology arm to combat cyber attacks and guarding of the Indian Internet space.

How the ‘GhostPairing’ attack typically begins

The advisory said that the "high" severity attack campaign usually begins with the victim receiving a message like "Hi, check this photo" from a "trusted" contact.

Fake verification trick used to exploit users

The message contains a link with a Facebook-style preview. The link leads to a "fake" Facebook viewer that prompts users to "verify" to see the content. Here, the attackers exploit WhatsApp's "link device via phone number" feature by tricking unsuspecting users into entering their phone numbers, the advisory said.

This way, the victims "unknowingly" grant the attackers full access to their WhatsApp accounts.

The 'GhostPairing' attack tricks users into granting an attacker's browser access, as an additional trusted and hidden device, by using a pairing code that looks authentic.

What attackers can do after hijacking the account

The advisory said that once the attacker links their device, they get almost the same access as the victim would get on WhatsApp web.

They can read messages that sync to their device, receive new messages in real-time, view photos, videos and voice notes, and they can send messages to the victim's contacts and group chats, the advisory said.

CERT-In’s safety advice for WhatsApp users

The agency suggested such counter-measures as not clicking suspicious links even if they come from known contacts and not entering one's phone number on external sites claiming to be WhatsApp or Facebook.