A week after the announcement Implementation The famous Voice Chat Clubhouse is taking steps to ensure that user data is not stolen from malicious hackers or spies, at least one attacker has proven that direct voice to the platform can be pulled.
A Clubhouse spokeswoman said: An unknown user was able to broadcast Clubhouse audio feeds this weekend from multiple rooms to a third-party website.
While the company says: It has permanently banned this specific user and put in place new safeguards to prevent a recurrence, the researchers stress that the platform may not be in a position to make such promises.
The Stanford Internet Observatory (SIO), which was the first to raise security concerns publicly, said on February 13 that an app user should assume that all conversations are being recorded.
Alex Stamos, director of the Stanford Internet Observatory and a former director of security at Facebook, said: The app cannot make any privacy promises to conversations that take place anywhere around the world.
Stamos and his team were also able to confirm that Clubhouse is relying on a Shanghai-based startup called Agora to handle much of its back-end operations.
While Clubhouse is responsible for its user experience, such as: adding new friends and finding rooms, the platform relies on the Chinese company to process data traffic and produce audio.
Stamos said the Clubhouse’s reliance on Agora raises widespread privacy concerns, especially for Chinese citizens and dissidents who think the talks are outside the reach of the state.
Agora said it could not comment on the security of Clubhouse’s privacy protocols, and insisted that it did not store or share account information for any of its customers, and made clear that it was committed to making its products as safe as possible.
Over the weekend, cybersecurity experts noticed that audio and metadata had been pulled from the Clubhouse to another location.
And the culprit behind the voice theft created a way to remotely share his login information with the rest of the world, and the problem was People thought these conversations were private.
While the app refused to explain the steps it took to prevent a similar breach, solutions may include preventing the use of external apps to access chat room audio without actually entering a room or limiting the number of rooms a user can access at one time.
Stanford Internet Monitor earlier this month released a report saying it had noticed that metadata from the Clubhouse chat room was being transferred to servers hosted in China.
Agora’s obligations toward cybersecurity laws in China mean that it is legally required to help locate a voice if the government claims it endangers national security.