The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert for WhatsApp users in India over a critical vulnerability called ‘GhostPairing’. The flaw could allow hackers to execute remote code, gain unauthorised access to WhatsApp accounts, and compromise sensitive personal data. CERT-In has advised users to update WhatsApp to the latest version and take account security measures to stay protected from cyber threats.

The 'GhostPairing' vulnerability specifically targets the multi-device functionality of WhatsApp. It exploits a weakness in how new devices are linked to an existing WhatsApp account, potentially allowing an attacker to establish a stealthy, unauthorized session. This "ghost" session would then grant the attacker control over the user's account without their explicit knowledge or continuous interaction. WhatsApp New Feature Update: Meta-Owned Platform Rolling Out Confetti Animations for Message Reactions for New Year To Enhance Users’ Engagement; Available as Beta.

Once exploited, an attacker could send messages, access chat histories, and potentially execute malicious code on the victim's device. The nature of the exploit makes it particularly dangerous as it could bypass traditional two-factor authentication methods if the initial compromise is successful.

How GhostPairing Works

While the full technical details of the exploit are often kept confidential to prevent further misuse, 'GhostPairing' is understood to leverage a flaw in the session management or QR code pairing process. Instead of requiring the user to scan a QR code for every new device, the vulnerability could allow an attacker to trick the system into creating a persistent, unauthorized link.

This rogue session would then operate in the background, mirroring the user's WhatsApp activity and allowing the attacker to interact with their contacts and data as if they were the legitimate user. The stealthy nature of this 'ghost' session makes it difficult for users to detect without actively checking linked devices. What Is WhatsApp Image Scam? How To Protect Yourself From Online Fraud That Made Jabalpur Man Lose INR 2 Lakh After Downloading Photo.

CERT-In's Advisory and Recommendations

CERT-In, the national agency responsible for responding to computer security incidents, has classified this vulnerability as high-severity. Their advisory highlights the potential for widespread impact given WhatsApp's immense user base in India. The agency has strongly recommended several actions for all WhatsApp users: Update WhatsApp Immediately: Users are advised to update their WhatsApp application to the latest available version from official app stores (Google Play Store for Android, Apple App Store for iOS). These updates typically contain patches for known security vulnerabilities.

Review Linked Devices: Users should regularly check their "Linked Devices" section within WhatsApp settings. Any unfamiliar or unauthorized devices should be immediately unlinked. Practice Caution: Be wary of suspicious links, unsolicited messages, or any unusual activity on your WhatsApp account. Enable Two-Step Verification: While not directly mitigating 'GhostPairing' once exploited, Two-Step Verification adds an extra layer of security during account registration, making it harder for attackers to initially set up an account with your number.

WhatsApp Security

WhatsApp, owned by Meta, is one of the most widely used messaging applications globally, with hundreds of millions of users in India alone. Its end-to-end encryption is a cornerstone of its security, but vulnerabilities in the application's infrastructure or features, such as multi-device linking, can still pose significant risks. CERT-In regularly issues advisories for various software and platforms to keep Indian users informed about potential cyber threats. The 'GhostPairing' warning underscores the ongoing need for vigilance and timely software updates to maintain digital security in an evolving threat landscape.

TruLY Score by LatestLY
Rating:3

TruLY Score 3 – Believable; Needs Further Research | On a Trust Scale of 0-5 this article has scored 3 on LatestLY, this article appears believable but may need additional verification. It is based on reporting from news websites or verified journalists (The Indian Express), but lacks supporting official confirmation. Readers are advised to treat the information as credible but continue to follow up for updates or confirmations

(The above story first appeared on LatestLY on Dec 21, 2025 05:00 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).