Learn more about Ghost Pairing Cyber Attack via WhatsApp


A novel way of launching cyber attacks has emerged recently and is slowly but steadily spreading across western countries such as the UK and the USA. It is a WhatsApp-based social engineering attack aimed at smartphone users, which security experts have dubbed “Ghost Pairing”.

So, what exactly is Ghost Pairing?

Ghost Pairing is a type of attack that targets Bluetooth technology, which is widely used to connect devices like smartphones, laptops, headphones, fitness trackers, and even cars. The attack allows hackers to gain unauthorized access to Bluetooth-enabled devices without the device owner’s knowledge or consent, and it has been prevalent since 2012.

But now, as the technology has evolved, threat actors have been seen using the attack against WhatsApp accounts, with the aim of taking them over. This is done without the victim’s awareness or consent. It allows the attacker to monitor messages, send messages, and control the victim’s WhatsApp session remotely.

This attack is called “Ghost pairing” because the attacker is essentially operating in the background, and the victim remains unaware of any suspicious activity.

How the Attack Works

1. WhatsApp Web Overview: WhatsApp Web is a feature that lets you access your WhatsApp messages on a computer or other device through a browser. To set it up, you scan a QR code that appears on the WhatsApp Web page using the WhatsApp app on your phone. Once the code is scanned, the phone is linked to that browser session, allowing the user to send and receive messages directly from the computer.

2. The Attack Setup:

A.) Malicious QR Code: The attacker may use various tactics to trick the victim into scanning a malicious QR code. For example, they might send a phishing link that appears to be from WhatsApp, asking the victim to scan the QR code for some fake purpose (like verifying their account, checking messages, or a so-called “security update”).

B.) Impersonating WhatsApp Support: The attacker may impersonate WhatsApp or another trusted entity and send a link to a fake page that looks like WhatsApp Web, where the victim is encouraged to scan the QR code.

C.) Wi-Fi Spoofing: In some cases, attackers may set up rogue Wi-Fi networks to trick users into connecting their phones to a network controlled by the attacker. Once connected, the attacker can capture data, including the victim’s QR code scan.

3. Pairing the Devices: When the victim scans the malicious QR code, it doesn’t link their phone to the hacker’s device but instead pairs the hacker’s device with the victim’s WhatsApp account. At this point, the hacker has full access to the victim’s WhatsApp Web session, allowing them to:

i) Read messages in real-time.

ii) Send messages from the victim’s account, which could be used for fraud or to impersonate the victim.

iii) Access media files (photos, videos, audio, etc.) sent or received by the victim.

iv) Track activity like who the victim is chatting with and when, and potentially use this information for further exploitation.

4. Ghost Operation: The key aspect of this attack is that the victim is unaware. They may not notice any suspicious activity because WhatsApp Web doesn’t alert users when a new device is connected unless they actively check the “Linked Devices” section of their app. The hacker can continue operating in the background without the victim noticing any issues.
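To illustrate the phishing step above (a link to a fake page that looks like WhatsApp Web), the following added example, which is not part of the original article, classifies a link before anyone opens it and scans a QR code there. The allowlist (HTTPS on whatsapp.com and its subdomains), the result labels and the function names are assumptions made for this example.

```javascript
// Added example. Assumption: only https://whatsapp.com and its subdomains are official.
const BRAND = "whatsapp";
const OFFICIAL_DOMAIN = "whatsapp.com";

// Levenshtein distance, used to catch near-miss spellings of the brand name.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const sub = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(sub, prev[j] + 1, cur[j - 1] + 1);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Reduce a punycode label to the ASCII letters it keeps:
// "xn--whatspp-<suffix>" becomes "whatspp" (a homoglyph replaced one letter).
function skeleton(label) {
  if (!label.startsWith("xn--")) return label;
  const body = label.slice(4);
  const cut = body.lastIndexOf("-");
  return cut > 0 ? body.slice(0, cut) : "";
}

// Returns "official", "suspicious", "other" or "invalid" (labels are hypothetical).
function classifyLink(link) {
  let url;
  try { url = new URL(link); } catch { return "invalid"; }
  // URL.hostname is already lowercased and converted to punycode.
  const host = url.hostname.replace(/\.$/, "");
  const onOfficial = host === OFFICIAL_DOMAIN || host.endsWith("." + OFFICIAL_DOMAIN);
  if (onOfficial) return url.protocol === "https:" ? "official" : "suspicious";
  // Brand name, or a near miss of it, anywhere in the host of a foreign domain.
  const parts = host.split(".").flatMap((l) => skeleton(l).split("-"));
  const hit = parts.some(
    (p) => p.includes(BRAND) || (p.length >= 6 && editDistance(p, BRAND) <= 2)
  );
  return hit ? "suspicious" : "other";
}
```

Only the hostname is judged, so a mention of the brand in a path on an unrelated site is reported as "other" rather than "suspicious".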

How Attackers Use the Information

Once the attacker has access to the victim’s WhatsApp account, they can:

• Spy on Personal Conversations: The attacker can view and collect personal information, such as sensitive messages, images, and videos, which may be used for blackmail, extortion, or identity theft.

• Send Fraudulent Messages: They might impersonate the victim to send messages to their contacts. For example, the attacker could ask for money, send malicious links, or engage in other forms of social engineering (such as getting others to reveal their personal information).

• Exploit Trust: Since WhatsApp is often used for personal, private communication, attackers can exploit the victim’s social network by sending fake messages that appear to be from the victim, leading to more attacks on friends or family.

Conclusion

The ghost pairing attack is a serious threat that leverages WhatsApp Web to gain unauthorized access to your account. By tricking the victim into scanning a malicious QR code, an attacker can secretly pair their device with your account and carry out a variety of malicious activities.

Being vigilant about your security practices, checking for active sessions, and ensuring you don’t fall for phishing tactics are all key steps in protecting yourself from this type of cyberattack.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
