- Mary Ann Luzon
- BBC Business Reporter
Photo Source, NurPhoto
Clubhouse app invitation screen
Clubhouse, a voice-only social network service, admitted that a conversation in the app was leaked on the 21st.
Clubhouse only allows real-time chat to users in public or private chat rooms. Emphasize that the conversation is not recorded.
But US cybersecurity researchers have informed Twitter that some users have figured out how to leak the conversation.
The Clubhouse told Bloomberg News that it admitted to the leak and removed the user.
It was also reported that a new’safety device’ was prepared to prevent the leakage of dialogue.
The BBC has asked the clubhouse to confirm the facts.
David Till, chief technology officer at Stanford University’s Internet Observatory, who first announced the incident, stressed that it was not a malicious leak or hacking, and that the user violated the terms of the service.
Australian cybersecurity researcher Robert Porter agreed. Porter is the architect of the Washington Post’s cybersecurity operations center.
According to Porter, data leakage is different from data leakage. Leakage is deliberate and occurs when someone hacks into a system to steal data.
On the other hand, data breaches mean that confidential information has leaked into an environment where there is no authority to access information.
According to Porter, the incident occurred when the user discovered that they could access multiple chat rooms simultaneously.
Users who understand how it works, access the Clubhouse’s API through their website, and share their login status with those who want to hear the chat room’s conversations.
“If the talker is a famous person, many people use third-party programs to get the data in the service,” said Porter. “It’s like a program that fetches data from Twitter.”
Security concerns surrounding the clubhouse
Prior to the incident, the Stanford University Internet Observatory, led by Alex Stamus, former chief security officer at Facebook, pointed out a loophole in the clubhouse security.
Clubhouse was confident that user information was safe from cybercriminals and hackers.
One of the security flaws discovered by the researchers at the observatory is that the user’s unique ID number and the ID number of the chat room they created are transmitted in plain text.
There is a possibility to find a specific user with such ID information.
The researchers were also concerned that the Chinese government could have access to audio files on the clubhouse server.
Photo Source, NurPhoto
Experts are concerned about clubhouse security issues
The back-end operation such as data server management and personal information management of Clubhouse is currently in charge of API platform Agora. Agora has offices in San Francisco, USA and Shanghai, China respectively.
When Agora was listed on the NASDAQ in the US stock market in June of last year, the documents submitted to the US Securities and Exchange Commission contained the following.
“Agora is required by law to provide assistance to Chinese public security and national security authorities to support national security and criminal investigations in China.”
The Stanford University Internet Observatory announced on the 12th that it notified the Clubhouse of the security gap and is working with the Clubhouse to compensate.
“Clubhouse chat room is’half open’“
It’s surprising, but not new, that voice conversations in the clubhouse can flow out of the app.
Users already use the recording and recording devices built into their electronic devices to store conversations between celebrities such as Tesla founder Elon Musk and American actor Kevin Hart and share them on YouTube, a video-sharing site.
Photo Source, YouTube
Clubhouse chat room with Elon Musk
This is an obvious violation of the Clubhouse Terms and Conditions. But Till warned that in fact, you shouldn’t expect private conversations.
Till wrote on his Twitter, “Considering the issues related to Agora and the fact that everyone has a microphone, the clubhouse chat room is’half-public’.”
Porter points out that the clubhouse suffers from this problem because it is a new service.
“Many people have great expectations for the clubhouse because of the new service,” he said. “Considering the characteristics that require invitations, the conversation should be private.”
Porter said, “Zoom and Tiktok have suffered similar things.” “He added.
He advises users that it is necessary to face the reality of what these platforms do with user information.
“I have to admit that the new social media platforms are not as good as the older ones when it comes to security and privacy. If you’re an early adopter, you’ll have to experience bugs too. .”