WhatsApp Ghost Pairing: A Silent Abuse of Linked Devices

Published: December 23, 2025 at 11:00 AM EST
Source: Dev.to


In the previous blog, we discussed how to detect if your WhatsApp account has been compromised and the safeguards you can adopt to protect your account against common cyber threats.

Today, I’m going to show you a specific attack that aims to monitor and spy on your conversations without your awareness. This technique is called Ghost Pairing.

What is Ghost Pairing?

Ghost Pairing is an attack vector in which an attacker secretly links their own device to your WhatsApp account using the official Linked Devices feature. Their intention is not to fully take over your account but to let you continue using it normally while they:

  • Read all messages you send and receive
  • Access your photos, videos, and documents
  • Impersonate you by sending messages to your contacts

How Ghost Pairing Works

WhatsApp allows one account to be linked to up to four devices. Ghost pairing abuses this design. The attack does not target WhatsApp’s encryption or internal security; instead, it targets the user, exploiting human behavior to grant unauthorized access.

Physical Access

If you leave your phone unlocked and unattended, an attacker can:

  • Link your WhatsApp account to their device without any verification SMS
  • Stay connected to your account without logging you out
  • Dismiss the push notification WhatsApp sends for new linked devices

Remote Access

In this scenario, the attacker gains access without physically handling your phone, typically through social engineering:

  • Convincing you to share the WhatsApp verification code you received via SMS (never share this code).
  • Impersonating one of your contacts to trick you into providing the verification code or clicking a malicious link.
  • Luring you to a seemingly innocent website that asks you to verify your phone to view content, while silently collecting the verification code.

Why It’s Dangerous

Ghost pairing is especially risky because:

  • No obvious takeover – your account still works normally.
  • Real‑time spying – messages sync instantly to the attacker’s device.
  • Persistent access – the linked device stays active until you manually remove it.
  • Perfect for scams – attackers can impersonate you to contacts.
  • Low skill barrier – attackers only need to exploit an official WhatsApp feature.

Common Signs of Ghost Pairing

Be alert for these warning signs:

  • A linked device you don’t recognize under Settings → Linked Devices.
  • Messages marked as “read” when you didn’t open them.
  • Contacts receiving messages you don’t remember sending.
  • Unusual activity times shown in Last Seen.

How to Protect Yourself

Ghost pairing is easy to prevent if you follow basic security practices:

  • Lock your phone (PIN, biometrics, auto‑lock) and never leave it unattended.
  • Regularly check Linked Devices and remove any unfamiliar ones.
  • Enable notifications for new linked devices.
  • Enable two‑step verification (2FA) for your WhatsApp account.