The popular audio chat room application Clubhouse said it is taking steps to ensure that malicious hackers or spies will not steal user data, one week after at least one attacker proved that the platform’s real-time audio can be tapped.

Clubhouse spokesperson Reema Bahnasy said an unidentified user was able to stream Clubhouse audio from “multiple rooms” to his third-party website this weekend. Although the company stated that it has “permanently banned” this particular user and installed new “safeguards” to prevent recurrence, the researchers believe that the platform may not be able to make such promises.

Users of the invite-only iOS app should assume that all conversations have been recorded. The Stanford Internet Observatory publicly raised security issues for the first time on February 13. “Clubhouse cannot provide any privacy guarantees for conversations conducted anywhere in the world,” said Alex Stamos, director of SIO and former head of security at Facebook.

Stamos and his team were also able to confirm that Clubhouse relies on a Shanghai-based startup company called Agora to handle most of its back-end business. He said that although Clubhouse is responsible for its user experience, such as adding new friends and finding rooms, the platform relies on Chinese companies to handle its data traffic and audio production.

Stamos said that Clubhouse’s reliance on Agora has caused widespread privacy issues, especially for Chinese citizens and dissidents whose conversations are beyond the scope of national surveillance.

Agora said it was unable to comment on Clubhouse’s security or privacy agreements, and insisted that it would not “store or share personally identifiable information” for any of its customers, of which Clubhouse is just one. The company said: “We are committed to making our products as safe as possible.”

Last weekend, cybersecurity experts noticed that audio and metadata had been moved from Clubhouse to another site. Robert Potter, CEO of Internet 2.0 in Canberra, Australia, said: “Users have set up a way to remotely share their login names with the rest of the world.” “The real problem is that people think these conversations are always private.”

The culprit behind the weekend’s audio theft built their own system around the JavaScript toolkit used to compile the Clubhouse application. Stamos said they effectively reviewed the platform. SIO said it is not sure of the origin or identity of the attacker.

Although Clubhouse declined to explain what measures it took to prevent similar violations, the solution might include blocking the use of third-party apps to access chat room audio without actually entering the room, or simply limiting the number of rooms that users can enter at the same time, said Jack Cable, a researcher at SIO.

A week ago, SIO issued a report stating that it observed metadata from Clubhouse chat rooms “being relayed to a server that we think will be hosted.” Agora’s obligations under China’s cybersecurity law mean that if the government argues that the audio endangers national security, Agora would be legally required to assist in finding it.

Clubhouse recently raised US$100 million (approximately Rs 725 crore), and is reportedly valued at US$1 billion (approximately Rs 725.5 crore). Since mid-January, Agora has soared by more than 150%. It is now worth close to US$10 billion (about Rs 72,550 crore).

In early February, Clubhouse users in China stated that they could not access the app after a surge in discussions among mainland users on taboo topics from Taiwan to Xinjiang. It seems that users can still use a virtual private network to access the application, which is one of the few ways that mainland Chinese people can browse the Internet beyond the firewall.

©2021 Bloomberg (Bloomberg LP)