Clubhouse, a new audio chat room app, has confirmed that it was breached after one user managed to stream audio content from the app on a website. Clubhouse confirmed the security breach in February 2021. Clubhouse has been one of the buzziest apps on social media since its release in March 2020, reaching a valuation of over $1 billion roughly a year after its release.
Clubhouse is an online networking app that allows users to gather in chat rooms and discuss various topics as a group. Users can only access it with an invite code, and a moderator oversees the discussions. However, a programmer in China recently released open-source code that allowed users to listen to the audio on Clubhouse without an invite code.
Clubhouse Security Breach
According to Reema Bahnasy, a spokesperson for Clubhouse, “an unidentified user was able to stream audio feeds from multiple chat rooms in Clubhouse on their third-party website.” She also said that since the attack, the company has installed “new safeguards” to prevent such an incident from happening again. However, tech researchers and experts believe that Clubhouse is in no position to make such promises. People therefore need to be careful when using Clubhouse and other new social networking apps.
Online security experts recommend using a VPN when accessing such sites to stay anonymous as it encrypts your online traffic.
The culprit built their own system around the Clubhouse application’s JavaScript toolkit and pulled audio and metadata from the app. Audio from multiple chat rooms was streamed on a different website. Robert Potter, a cyber-security expert who built the Washington Post’s cybersecurity center, says that the Clubhouse security breach was not a “hack”; it was more that the user violated the app's terms. That is, the incident occurred because the culprit realized that it was easy to be in multiple chat rooms at the same time. He could therefore connect the Clubhouse API to his website and make it possible for anyone to listen to audio chats.
Clubhouse Security Concerns
“Clubhouse cannot provide any privacy promises for conversations held anywhere around the world,” said Alex Stamos, Facebook Inc.’s former security chief. Stamos and his team also revealed that Clubhouse relies on Agora Inc., a Shanghai-based development company, to handle its back-end operations. This means the Chinese government might have full access to Clubhouse user data and audio chats. Burak Agca, Engineer at Lookout, says, “Clubhouse wants to bring communities together by enabling individuals to discuss common interests and learn more about new topics. The trouble is that the audio data is built on a Chinese-based platform, which means some of that data is sent back to China.”
Clubhouse’s reliance on Agora for handling its data traffic and audio production raises privacy concerns, especially for Chinese users. In February, Clubhouse users in China said that they could not access the social networking app after a sudden rise in discussions over sensitive topics like Taiwan and Xinjiang. The only option left for Chinese users is to access the app through a virtual private network (VPN), one of the most common ways for users in China to bypass the Great Firewall.
Agora said that it could not comment on the security and privacy of Clubhouse, but it gave an assurance that it does not “store or share personally identifiable information of any of its clients.” However, when it comes to Clubhouse, “the real problem is that folks thought that these conversations were ever private,” says Robert Potter. It may sound alarming to some, but audio chats on Clubhouse can be taken out of the app. Users are already recording conversations of famous celebrities like Elon Musk on Clubhouse and uploading them on YouTube, which is a serious security concern.
Clubhouse has not yet explained in detail the steps and measures it has adopted to prevent similar data breaches from happening again. According to Jack Cable, a researcher at SIO, these measures might include limiting the use of third-party apps to access audio chat rooms or limiting the number of rooms a Clubhouse user can access at the same time. Clubhouse itself has not released any official response or statement regarding security measures.
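The second measure Jack Cable mentions, limiting how many rooms one account can be in at the same time, can also be checked against session logs. The sketch below is an added example, not Clubhouse's or Agora's code; the event format, account names and the limit of two rooms are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real Clubhouse data):
# (timestamp in seconds, account, room, action)
SAMPLE_EVENTS = [
    (0,  "alice", "room-1", "join"),
    (5,  "bot7",  "room-1", "join"),
    (6,  "bot7",  "room-2", "join"),
    (7,  "bot7",  "room-3", "join"),
    (30, "alice", "room-1", "leave"),
    (31, "alice", "room-2", "join"),
    (40, "bot7",  "room-4", "join"),
    (90, "bot7",  "room-1", "leave"),
    (95, "alice", "room-2", "leave"),
]

MAX_CONCURRENT_ROOMS = 2  # assumed policy limit, not a documented Clubhouse value


def peak_concurrency(events):
    """Return {account: (peak_room_count, timestamp_peak_first_reached)}."""
    active = defaultdict(set)  # a set, so a reconnect to the same room is not double counted
    peak = {}
    # At equal timestamps process leaves before joins, so that switching
    # rooms in the same second is not reported as being in two rooms at once.
    ordered = sorted(events, key=lambda e: (e[0], e[3] != "leave"))
    for ts, account, room, action in ordered:
        if action == "join":
            active[account].add(room)
        elif action == "leave":
            active[account].discard(room)
        count = len(active[account])
        if count > peak.get(account, (0, None))[0]:
            peak[account] = (count, ts)
    return peak


def flag_multi_room_accounts(events, limit=MAX_CONCURRENT_ROOMS):
    """List (account, peak_rooms, timestamp) for accounts exceeding the limit."""
    return sorted(
        (account, rooms, ts)
        for account, (rooms, ts) in peak_concurrency(events).items()
        if rooms > limit
    )


if __name__ == "__main__":
    for account, rooms, ts in flag_multi_room_accounts(SAMPLE_EVENTS):
        print(f"{account}: {rooms} rooms at once (first reached at t={ts}s)")
```

An account that moves from room to room like an ordinary listener never exceeds a count of one, while an account relaying several rooms at once stands out immediately.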
Final Thoughts
Clubhouse has gone viral like other apps, including TikTok, despite its security and privacy concerns. Clubhouse is still a very new and immature service, but users are enthusiastic about it because it is something new where you need an exclusive invitation to enter chat rooms. However, people need to get real about social networking apps and how these apps manage user data. It's still too early to judge the app because it's new, and there are going to be bugs; nonetheless, this incident is a wake-up call for Clubhouse users.