Sat. Dec 3rd, 2022

Clubhouse spokeswoman Rama Banassi said this weekend an unidentified user was able to stream Clubhouse audio from “multiple rooms” to their own third-party website.

The popular audio chat room app Clubhouse has reportedly said it will take steps to ensure that user data cannot be stolen by malicious hackers or spies. Now, however, at least one cyber attacker has proven that the live audio of the Clubhous platform can be stolen.

Clubhouse spokeswoman Reema Bahnasy said this weekend an unidentified user was able to stream Clubhouse audio from “multiple rooms” to their own third-party website.

While Clubhouse said it would “permanently ban” the user, with new “safety measures” in place to prevent such incidents from happening again. Still, researchers believe that the Clubhouse platform may never deliver on that promise.

On February 13, the Stanford Internet Observatory raised the issue of Clubhouse’s security publicly for the first time. Users of the invitation-only iOS app should assume all conversations will be recorded, the agency said late Sunday.

“Clubhouse cannot offer any privacy promises for any conversation that takes place anywhere in the world,” said Alex Stamos, former head of security at Facebook and now head of SIO.

Stamos and his team also confirmed that Clubhouse relies on Agora Inc., a Shanghai-based startup, to handle most of its back-office operations. While Clubhouse is primarily responsible for user experiences, such as adding new friends and finding rooms, the platform still relies on the Chinese company for data traffic processing and audio production services, Stamos said.

picture

Clubhouse’s reliance on Agora raises widespread privacy concerns, Stamos said. Agora said it couldn’t comment on Clubhouse’s security or privacy protocols, and insisted it would not “store or share personally identifiable information” for any of its customers, of which Clubhouse was just one. “We are committed to making our products as safe as possible,” Agora said.

Over the weekend, cybersecurity experts noticed that some audio and metadata had been moved from the Clubhouse platform to another website. Robert Potter, CEO of Internet 2.0 in Canberra, Australia, said: “A user has built a way to share their login information remotely with the rest of the world. The real problem is that people To think that these conversations were never private.”

The man behind the weekend audio theft has built his own system around a JavaScript toolkit used to compile clubhouse applications. Stamos believes that they actually set up the platform improvised. The SIO has publicly stated that the source or identity of the attackers has not been determined.

SIO researcher Jack Cable said that while Clubhouse declined to explain what exactly it was doing to prevent similar breaches, solutions could include preventing the use of third-party apps to access chat room audio without actually entering the room , or just limit the number of chat rooms a user can enter at the same time.

Most recently, Clubhouse raised $100 million at a $1 billion valuation. Agora’s stock has surged more than 150% since mid-January, and it is now valued at nearly $10 billion.

 

The Links:   LB121S02-A2 BSM400GA120DN2S_E3256 SKM200GAL126D