Indian cyber agency flags WhatsApp ‘hijack’

Indian cyber security agency CERT-In has flagged a vulnerability in the WhatsApp “device-linking” feature that enables attackers to take “complete” control of an account, including access to real-time messages, photos, and videos on the web version.

The agency named the issue “GhostPairing” on Friday in an advisory that has been accessed by PTI.

“It has been reported that malicious actors are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes without authentication requirement.

“This newly identified cyber campaign…