Millions of users in India rely on WhatsApp for day-to-day communication, so any weakness that exposes accounts to attack is a matter of concern. India's cybersecurity watchdog, CERT-In, recently warned about a newer, high-severity attack method known as GhostPairing that can silently hand a WhatsApp account to hackers. What makes this threat so alarming is that it does not depend on older tricks such as stealing OTPs or replacing SIM cards, which makes it difficult for the user to detect.
GhostPairing abuses WhatsApp's device-linking feature, which lets users connect their account to another device. Attackers exploit this otherwise harmless feature by manipulating users into linking their WhatsApp account to a hacker's browser or device. Once linked, the hacker can see chats, media files, voice notes and even incoming messages in real time through WhatsApp Web.
The attack typically begins with a message from a contact the person knows, in most cases one whose account has already been compromised. The message is crafted to provoke curiosity or a sense of urgency, for example by claiming that there is a photo or a video of the recipient. When the user clicks the link, he or she is redirected to a counterfeit verification page that closely resembles the WhatsApp or Facebook interface, which makes the fraud hard to detect.
In one approach, the user is asked to enter his or her phone number and then an 8-digit pairing code that appears to be valid. In fact, this code links the hacker's device to the victim's account. In another version, victims are duped into scanning a QR code displayed on the fraudulent page, which immediately gives the attacker access via WhatsApp Web.
What makes GhostPairing especially dangerous is its invisibility. Because the attack goes through WhatsApp's official linked-device system, users do not get the regular security warnings or forced log-ins. Their WhatsApp keeps functioning as usual while the attacker listens in on conversations unnoticed for days or even weeks.
To be on the safe side, users are advised not to open unexpected links, even when they appear to come from familiar people. Frequently checking the Linked Devices section of WhatsApp settings and removing any unknown device can also help prevent unauthorized access.
