India Issues High-Severity ‘GhostPairing’ Warning on WhatsApp Device-Linking Hijack

GhostPairing echoes the 2016 “Google Docs” phishing wave—when a convincing link silently granted OAuth access to millions—showing that the most dangerous hacks weaponise official workflows, not break them. It also recalls 2019’s Pegasus controversy, where WhatsApp’s very strength (ubiquity and rich APIs) became an entry point for surveillance. Over the last decade, messaging apps have layered convenience features (multi-device, phone-number logins) faster than they have re-imagined threat models; social-engineering campaigns now scale globally in hours, exploiting network trust rather than code flaws. India, with the world’s largest WhatsApp user base and an aggressive “Digital Nagrik” push, sits at the fault-line: each breach erodes public confidence in end-to-end encryption and nudges regulators toward tighter oversight of foreign tech. On a century horizon, the episode is a small but telling datapoint in the battle between usability and sovereignty in digital communications—showing that identity verification, not encryption, may be the weakest link in mass-adopted secure messaging.