Clubhouse Promises More Security Fixes After Audio Was Streamed Insecurely From Third-Party Website
Clubhouse has confirmed one of its users was able to take audio feeds from the app and make them accessible from a third-party website. The development has raised security concerns about the invitation-only service.
A Clubhouse spokesperson told Bloomberg that the situation affected “multiple rooms”. The spokesperson also said that the user behind the breach had been “permanently banned”. It says the service put “safeguards” in place to prevent a repeat, however, it reportedly didn’t provide specific details.
Clubhouse has recently received criticism for vulnerabilities in its infrastructure. A report from the Stanford Internet Observatory shows that users’ unique Clubhouse ID numbers and chatroom IDs are transmitted in plaintext. This could theoretically allow an outside observer to reveal who’s behind conservations on the app.
– Facebook Is Reportedly Developing Its Own Clubhouse-Like Audio Chat Service
– Apple is Reportedly Working On A Magnetic Battery Pack Accessory
The app uses Shanghai-based Agora, for its back-end infrastructure. Agora has a legal obligation to assist Chinese authorities in locating the source of audio feeds if the authorities consider it a national security risk as a Chinese company, the observatory said.
Clubhouse in response says it plans to add additional encryption and blocks to bolster its security and prevent the service from pinging servers based in China. It also said it would be hiring an external security firm to review the updates.
Agora told the Stanford Internet Observatory that it only stores user audio or metadata when required for billing and network monitoring purposes. Agora in a statement said it “does not have access to, share, or store personally identifiable end-user data”. It also says it does not route “voice or video traffic from non-China-based users” through China.
For your daily dose of tech, lifestyle, and trending content, make sure to follow Plat4om on Twitter @Plat4omLive; on Instagram @Plat4om, on LinkedIn at Plat4om, and on Facebook at Plat4om. You can also email us at firstname.lastname@example.org and join our channel on Telegram at Plat4om. Finally, don’t forget to subscribe to our YouTube channel HERE.