 |
| Hacking of Clubhouse voice chats raises concerns |
The popular voice chatting app club announced that it is taking steps to ensure that user data is not stolen from malicious hackers or spies. After a week, at least one attacker demonstrated that real-time speech could be removed from the platform.
A club spokesperson said: This weekend, an unknown user was able to broadcast club audio from multiple rooms to a third-party website.
Although the company has stated that it has permanently banned this user and put in place new safeguards to prevent this from happening, the researchers indicated that the platform may not be able to fulfill these promises.
Stanford Internet Observatory (SIO) was the first to raise safety concerns publicly, saying on February 13 that app users should assume that all conversations are recorded.
The app can't promise privacy for conversations around the world, said Alex Stamos, director of Stanford University's Internet Observatory and former director of security for Facebook.
Stamos and his team can also confirm that the Clubhouse relies on a startup in Shanghai called Agora to run most of its back-end activities.
Clubhouse is responsible for user experience, for example b. Add new friends and find rooms while the platform relies on Chinese companies to handle traffic and generate sound.
Stamos said the club's confidence in Agora has raised a lot of privacy concerns, particularly among Chinese citizens and dissidents who believe the talks are not under state control.
Agora said it could not comment on the security of the club's confidentiality agreement, insisted that it did not store or share account information for clients, and made clear it was committed to making the products as safe as possible.
Over the past weekend, cybersecurity experts discovered that audio and metadata had been transferred from the club to another location.
The voice theft perpetrator devised a way to remotely share their credentials with the rest of the world. The problem is, people think these conversations are private.
The culprit was built around the JavaScript toolkit that was used to compile the Clubhouse app.
Although the app refused to explain the steps that were taken to prevent similar violations, the solution might be to prevent the use of external applications to access chat room audio without physically entering the room, or to limit the number of rooms that users can access simultaneously.
A report released earlier this month by the Stanford Internet Surveillance found that metadata from the club's chat room had been transferred to servers hosted in China.
Agora's commitment to China's cybersecurity law means that if the government claims it threatens national security, it must legally help find a voice.