How to send message to multiple people on WhatsApp without creating a group
WhatsApp flaw casts doubt on end-to-end encryption
WhatsApp is undoubtedly one of the most popular apps and mode of communications. However, at times it can be a pain as you have to become part of various groups and it takes a lot of time to keep track of the conversations.
Also, there may be times that you need to send message to certain people who all are not part of one group. While creating a group to send message these people may appear as a solution, it may be painstaking as well as they are disparate.
What is the broadcast list feature?
The broadcast list feature allows users to send a message to several of
their contacts at once. Broadcast lists are saved lists of message recipients that users can use to repeatedly send messages to without having to select them each time. The feature also prevents users from creating unnecessary groups.
How to use Broadcast Lists in WhatsApp?
How to create a broadcast list
* Step 1: Go to WhatsApp and tap on the three dot menu placed on the top right corner of the screen
* Step 2: Now search for or select the contacts you want to add
* Step 3: After this tap on the check mark and your broadcast list is ready.
When you send a message to the broadcast list, it’ll be sent to all Recipients in the list who have your number saved in their phones’ address book. Recipients will receive the message as a normal message.
When they reply, it’ll appear as a normal message in your Chat screen.
You are also allowed to edit your existing broadcast list and can add or delete a contact from there.
How to edit a broadcast list
* Step 1: Open your existing broadcast list
* Step 2: Now tap on the three-dot menu and select Broadcast list info
* Step 3: In the broadcast list info screen you can
1. Change the name of your broadcast list by tapping Edit.
2. Add recipients to the list by tapping Add recipient....
3. Remove recipients by tapping Edit recipients > "x" next to the contacts you want to remove > check mark.
Doubt on end-to-end encryption
A recently fixed WhatsApp security vulnerability that, if exploited, could cause data leakage underscores the fact that hackers can bypass end-to-end encryption with some machinations.
WhatsApp included a patch for the flaw in its February 2021 Security Advisory Report and, in a statement, assured Check Point researchers Dikla Barda and Gal Elbaz—who analyzed the Out-Of-Bounds read-write vulnerability in a blog post—this week that it had “no reason to believe users would have been impacted by this bug” and that users should feel confident “that end-to-end encryption continues to work as intended and people’s messages remain safe and secure.”
The messaging app company pointed to the “multiple steps a user would have needed to take” before the vulnerability could be exploited. Indeed, Check Point acknowledged that the threat “remains theoretical, and would have required complex steps and extensive user interaction in order to exploit” but stresses that doing so “could have allowed an attacker to read sensitive information from WhatsApp memory.”
The vulnerability is related to the WhatsApp image filter functionality and “was triggered when a user opened an attachment that contained a maliciously crafted image file, then tried to apply a filter, and then sent the image with the filter applied back to the attacker,” they said.
The researchers zeroed in on how WhatsApp processes and sends images, using Check Point’s AFL fuzzer “to generate malformed files.” Switching between several filters on crafted GIF files, they caused WhatsApp to crash.
After connecting the phone to its lab and capturing the crash location via adb logcat, Check Point did some reverse engineering to review the crashes, identifying one as memory corruption. At that point, the researchers reported the finding to WhatsApp and the vulnerability was named CVE-2020-1910 Heap-Based out-of-bounds read and write.
In a deeper dive, Barda and Elbaz reverse-engineered the libwhatsapp.so library using a debugger to analyze the crash’s root cause. “The problem is that both destination and source images are assumed to have the same dimensions and also the same format RGBA (meaning each pixel is stored as 4 bytes, hence the multiplication by 4),” the researchers wrote. “However, there are no checks performed on the format of the source and destination images. Therefore, when a maliciously crafted source image has only 1 byte per pixel, the function tries to read and copy 4 times the amount of the allocated source image buffer, which leads to an out-of-bounds memory access.”
Burak Agca, an engineer at Lookout noted that Lookout has “seen multiple variants of the same attack,” and added that attackers “typically execute an exploit chain taking advantage of multiple vulnerabilities across the app and the operating system in tandem.” He pointed to the first such discovered chain that exploited a vulnerability, which has since been patched, in the Safari browser to break out of the application sandbox. After this, multiple operating system vulnerabilities–also since patched–were exploited to elevate privileges and install spyware without the user’s knowledge.
The WhatsApp exploit, he said, “seems to exhibit a similar behavior, and the end-to-end details of these types of exploits came under scrutiny by the security community.”
For individuals and enterprises like, Agca said, “it is clear relying on WhatsApp saying its messaging is encrypted end-to-end is simply not enough to keep sensitive data safe.”
He applauded WhatsApp for the speed and thoroughness of upgrades for this and other vulnerabilities. “WhatsApp continuously updates its applications in order to address these security issues,” Agca said. “Updates to their apps patch the vulnerability in question, and, in addition, they release a server-side fix to prevent any version of the app from being exploited.”
But consumers and organizations need to do their part to remain secure on the app. “WhatsApp users can be proactive and download a mobile security solution that reduces the risk of falling victim to WhatsApp scams—especially ones that try to phish your credentials or quietly install malware,” said Agca.