Clubhouse Chats Have Been Breached
Concerns over security are raised as hackers steal audio chats.
A short while ago, news reports revealed that social networking app Clubhouse was exposed to a major security breach and the application is currently reviewing its data. The company that owns the app also confirmed that it is looking to use specialized services to secure user data and add more encryption to prevent any future leakage.
This only happens a week after Clubhouse’s declaration of tightening security measures, including blocking the app from “transferring pings” to servers based in China and increased encryption to safeguard conversations.
Breaking news: Clubhouse audio getting hacked all audio being sucked out. Coming out of China. Story Developing cc @siliconangle
— John Furrier (@furrier) February 21, 2021
Launched in March 2020, Clubhouse is an invite-only, part talkback radio, part conference call, app based on audio-chat. Users can listen in to conversations, interviews, and discussions between interesting people on various topics – it is just like tuning in to a live podcast with an added layer of exclusivity.
Alex Stamos, director of the Stanford Internet Observatory (SIO) and Facebook Inc.’s former security chief stated that “Clubhouse cannot provide any privacy promises for conversations held anywhere around the world”.
Stamos and his team confirmed that Clubhouse relies on Agora Inc., a Shanghai-based startup, to manage most of its back-end operations. Even though Clubhouse is accountable for its user experience, like adding new friends and scouting up rooms, the platform relies on the Chinese company to handle its data traffic and audio production. Clubhouse’s reliance on Agora is a cause of concern for extensive privacy, especially for Chinese citizens and dissidents under the impression their conversations are off the beaten track of state surveillance.
Heimdal® Threat Prevention - Endpoint
- Machine learning powered scans for all incoming online traffic;
- Stops data breaches before sensitive info can be exposed to the outside;
- Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
- Protection against data leakage, APTs, ransomware and exploits;
Although Clubhouse has gained immense popularity among iOS users in a very short period, it is not the first time experts expressed concerns about the application’s security and privacy policies. And these concerns have not proved unjustified. According to Bloomberg, the Chinese hackers used the open-source platform Github to develop an app that also provided Android users with access to audio chats despite the fact that the application is not available for Google’s mobile operating system.
As you can imagine, it didn’t take long for the code to be used to develop similar apps. With those applications, the hackers broke through the security of the Clubhouse backend, developed by Agora Inc. Once in the backend, they could easily stream audio calls from users and upload them to external websites.
A Clubhouse representative confirmed that necessary security measures have been taken to improve the safety of its users. This particular vulnerability should be fixed and users known to have exploited the code have been permanently banned. Despite everything, doubts about the security of the application will not disappear in thin air. In the meantime, it does not seem to bother iOS users, as thousands of them are added every day. According to figures from Statista, the app had a community of 2 million members at the end of January. Allegedly, Facebook is already working on an alternative.