Content area
Full text
A warning for WhatsApp users: cybercriminals have discovered an alarmingly simple way to access a user’s conversations in real time by manipulating the app’s device pairing or linking routine.
Termed ‘GhostPairing’ by researchers at security company Gen Digital (owner of Norton, Avast, Avira, and AVG), no passwords or account details are needed to execute the attack, which was recently detected in Czechia.
All the attacker has to do is persuade a user to click on a malicious link sent to them as a WhatsApp message purporting to reveal a Facebook photo.
In the most common variant of the attack, this throws up a fake page which asks the user to verify themselves by entering their mobile number. This number is then forwarded by the attackers to WhatsApp to initiate the ‘link device via phone number’ feature which adds new devices to an account.
WhatsApp generates an 8-digit pairing code, which is intercepted and forwarded to the user. The user, who sees a new pairing prompt...