Indian Cyber Agency Flags WhatsApp 'Hijack'

CERT-IN states that Ghostpairing is of "high" severity. ( Image Credit: Getty Images )

New Delhi: Indian cyber security agency CERT-In has flagged a vulnerability in the WhatsApp "device-linking" feature that enables attackers to take "complete" control of an account, including access to real-time messages, photos, and videos on the web version.

The agency named the issue "GhostPairing" on Friday in an advisory that has been accessed by PTI.

"It has been reported that malicious actors are exploiting WhatsApp's device-linking feature to hijack accounts using pairing codes without an authentication requirement.

"This newly identified cyber campaign called GhostPairing enables cyber criminals to take complete control of WhatsApp accounts without needing a password or SIM swaps," the advisory said.

A response from WhatsApp to the revelation is awaited.

The Indian computer emergency response team (CERT-In) is the national technology arm to combat cyber attacks and guarding of the Indian Internet space.