{"id":275487,"date":"2025-12-21T01:04:39","date_gmt":"2025-12-20T19:34:39","guid":{"rendered":"https:\/\/arunachaltimes.in\/?p=275487"},"modified":"2025-12-21T01:04:39","modified_gmt":"2025-12-20T19:34:39","slug":"indian-cyber-agency-flags-whatsapp-hijack","status":"publish","type":"post","link":"https:\/\/arunachaltimes.in\/index.php\/2025\/12\/21\/indian-cyber-agency-flags-whatsapp-hijack\/","title":{"rendered":"Indian cyber agency flags WhatsApp &#8216;hijack&#8217;"},"content":{"rendered":"<p style=\"text-align: justify;\">\n<p style=\"text-align: justify;\"><strong>[ Neelabh Srivastava ]<\/strong><\/p>\n<p style=\"text-align: justify;\"><strong>NEW DELHI, 20 Dec:<\/strong> Indian cyber security agency CERT-In has flagged a vulnerability in the WhatsApp &#8216;device-linking&#8217; feature that enables attackers to take &#8216;complete&#8217; control of an account, including access to real-time messages, photos, and videos on the web version.<\/p>\n<p style=\"text-align: justify;\">The agency named the issue &#8220;GhostPairing&#8221; on Friday in an advisory that has been accessed by PTI.<\/p>\n<p style=\"text-align: justify;\">&#8220;It has been reported that malicious actors are exploiting WhatsApp&#8217;s device-linking feature to hijack accounts using pairing codes without authentication requirement.<\/p>\n<p style=\"text-align: justify;\">&#8220;This newly identified cyber campaign called GhostPairing enables cyber criminals to take complete control of WhatsApp accounts without needing password or SIM swaps,&#8221; the advisory said.<\/p>\n<p style=\"text-align: justify;\">A response from WhatsApp to the revelation is awaited.<\/p>\n<p style=\"text-align: justify;\">The Indian computer emergency response team (CERT-In) is the national technology arm to combat cyber attacks and guarding of the Indian internet space.<\/p>\n<p style=\"text-align: justify;\">The advisory said that the &#8220;high&#8221; severity attack campaign usually begins with the victim receiving a message like &#8220;Hi, check this photo&#8221; from a &#8220;trusted&#8221; contact.<\/p>\n<p style=\"text-align: justify;\">The message contains a link with a Facebook-style preview. The link leads to a &#8220;fake&#8221; Facebook viewer that prompts users to &#8220;verify&#8221; to see the content. Here, the attackers exploit WhatsApp&#8217;s &#8220;link device via phone number&#8221; feature by tricking unsuspecting users into entering their phone numbers, the advisory said.<\/p>\n<p style=\"text-align: justify;\">This way, the victims &#8220;unknowingly&#8221; grant the attackers full access to their WhatsApp accounts.<\/p>\n<p style=\"text-align: justify;\">The &#8216;GhostPairing&#8217; attack tricks users into granting an attacker&#8217;s browser access, as an additional trusted and hidden device, by using a pairing code that looks authentic.<\/p>\n<p style=\"text-align: justify;\">\u00a0The advisory said that, once the attacker links their device, they get almost the same access as the victim would get on WhatsApp web.<\/p>\n<p style=\"text-align: justify;\">They can read messages that sync to their device, receive new messages in real-time, view photos, videos and voice notes, and they can send messages to the victim&#8217;s contacts and group chats, the advisory said.<\/p>\n<p style=\"text-align: justify;\">The agency suggested such counter-measures as not clicking suspicious links even if they come from known contacts and not entering one&#8217;s phone number on external sites claiming to be WhatsApp or Facebook. (PTI)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ Neelabh Srivastava ] NEW DELHI, 20 Dec: Indian cyber security agency CERT-In has flagged a vulnerability in the WhatsApp &#8216;device-linking&#8217; feature that enables attackers to take &#8216;complete&#8217; control of an account, including access to real-time messages, photos, and videos on the web version. The agency named the issue &#8220;GhostPairing&#8221; on Friday in an advisory [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":{"0":"post-275487","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-state-news"},"_links":{"self":[{"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/posts\/275487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/comments?post=275487"}],"version-history":[{"count":0,"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/posts\/275487\/revisions"}],"wp:attachment":[{"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/media?parent=275487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/categories?post=275487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arunachaltimes.in\/index.php\/wp-json\/wp\/v2\/tags?post=275487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}