Govt warning: Attackers can hijack WhatsApp via 'GhostPairing' vulnerability; all you need to know
The 'GhostPairing' vulnerability in WhatsApp enables attackers to seize full control of an account, providing them with unrestricted access to real-time messages, photos, and videos through the web interface.

The Indian cybersecurity agency CERT-In has flagged a critical vulnerability in WhatsApp's "device-linking" feature. This exploit allows attackers to gain "complete" control over an account, granting them access to real-time messages, photos, and videos via the web version.
In an advisory issued on Friday, the agency labeled the campaign "GhostPairing".
"It has been reported that malicious actors are exploiting WhatsApp's device-linking feature to hijack accounts using pairing codes without the need for authentication. This newly identified cyber campaign, 'GhostPairing,' enables criminals to take full control of accounts without requiring passwords or SIM swaps," the advisory stated.
A formal response from WhatsApp regarding these revelations is currently awaited. As the national technological arm for combating cyberattacks, CERT-In (Indian Computer Emergency Response Team) is responsible for guarding the Indian internet space.
How the "GhostPairing" attack works
According to the advisory, this "high" severity attack typically begins when a victim receives a message, often from a "trusted" contact, saying something like, "Hi, check this photo".
- The Bait: The message contains a link with a Facebook-style preview.
- The Deception: Clicking the link leads to a "fake" Facebook viewer that prompts the user to "verify" their identity to see the content.
- The Exploit: At this stage, attackers exploit the "link device via phone number" feature by tricking users into entering their phone numbers on the fraudulent site.
- The Takeover: By doing so, victims unknowingly generate a pairing code that grants the attacker’s browser full access to their account as a hidden, "trusted" device.
The impact of a hijacked account
Once the attacker successfully links their device, they gain nearly the same access to the account as the user would have on WhatsApp Web. They can:
- Read synced messages and receive new ones in real-time.
- View private photos, videos, and voice notes.
- Send messages to the victim's personal contacts and group chats.
Recommended counter-measures
To stay safe, CERT-In suggests the following precautions:
- Avoid Suspicious Links: Do not click on unexpected links, even if they appear to come from known contacts.
- Verify External Sites: Never enter your phone number on external websites claiming to be WhatsApp or Facebook.
- Check Linked Devices: Regularly review the "Linked Devices" section in your WhatsApp settings and log out of any unrecognized sessions.