### GhostPairing: A New Cyber Threat to WhatsApp Users Recent reports from India's Computer Emergency Response Team (CERT-In) have unveiled a significant security vulnerability in WhatsApp, termed "GhostPairing." This flaw allows hackers to gain complete control over user accounts without requiring passwords, SIM swaps, or one-time passwords (OTPs). The GhostPairing scam exploits WhatsApp's device-linking feature, posing a serious risk to millions of users who may unknowingly authorize malicious devices to access their accounts [https://www.timesnownews.com/india/ghostpairing-warning-govt-says-hackers-can-gain-full-control-of-whatsapp-all-you-need-to-know-article-153328060]. ### Understanding the GhostPairing Threat 1. **Nature of the Attack**: - GhostPairing allows cybercriminals to hijack WhatsApp accounts by tricking users into linking their accounts to unauthorized devices. This is done through social engineering tactics, where victims are misled into approving a malicious device [https://www.indiatvnews.com/technology/news/whatsapp-ghostpairing-scam-alert-millions-of-users-at-risk-of-silent-account-hacking-2025-12-21-1022701]. 2. **Mechanism of Exploitation**: - The attack leverages WhatsApp's legitimate device-linking feature, which is intended for users to connect their accounts to multiple devices. Hackers exploit this by sending deceptive messages that prompt users to approve a connection to a malicious device [https://www.techlusive.in/news/cert-in-issues-high-risk-warning-on-whatsapp-ghostpairing-attack-targeting-indian-users-1633291]. 3. **Potential Consequences**: - Once a hacker gains access, they can read messages, view photos, and access sensitive personal data without the victim's knowledge. This can lead to identity theft, financial loss, and privacy violations [https://www.livemint.com/technology/tech-news/what-is-ghostpairing-the-whatsapp-scam-that-hijacks-accounts-without-otps-or-sim-swaps-11766202437121.html]. ### Evidence of the Threat - **Severity of the Vulnerability**: CERT-In has classified the GhostPairing vulnerability as high-severity, indicating the potential for widespread impact on user security [https://www.deccanchronicle.com/nation/in-other-news/whatsapp-device-linking-feature-that-enables-attackers-to-take-complete-control-of-an-account-1925225]. - **User Impact**: Millions of WhatsApp users are at risk, as the attack can occur silently without any immediate signs of compromise [https://www.analyticsinsight.net/news/what-is-ghostpairing-whatsapp-scam-hijacks-accounts-without-otps-or-sim-swaps]. - **Recommendations for Users**: Users are advised to regularly check their linked devices, avoid suspicious links, and enable two-step verification to enhance their account security [https://www.techjuice.pk/whatsapp-ghostpairing-hackers-can-hijack-your-account-without-a-password]. ### Conclusion: Protecting Yourself from GhostPairing In summary, the GhostPairing scam represents a serious threat to WhatsApp users, allowing hackers to hijack accounts without traditional security measures like passwords or OTPs. 1. **Awareness**: Users must be vigilant about the links they click and the devices they authorize. 2. **Security Measures**: Enabling two-step verification and regularly monitoring linked devices can help mitigate risks. 3. **Stay Informed**: Keeping abreast of cybersecurity advisories from trusted sources like CERT-In is crucial for maintaining digital safety. By understanding the nature of the GhostPairing threat and taking proactive steps, users can better protect their personal information and maintain the integrity of their WhatsApp accounts [https://www.digitalcitizen.life/new-ghostpairing-scam-lets-hackers-take-over-whatsapp-accounts-without-login-codes].