Clubhouse Security Flaws, Chinese Connection Found, Possibly Leaking Unfiltered Data; App Rushes to Fix It

A New and exclusive audio-only app called Clubhouse has been found to have Chinese connections and major security flaws by cybersecurity experts who believe the Chinese government can acquire users' raw audio data.

Clubhouse major security flaws
Clubhouse is an up and coming social media giant. Screengrab from Clubhouse

Clubhouse Security Flaw

In a report by TechRadar, the security flaws were found by researchers from the Stanford Internet Observatory (SIO).

According to the researchers, they have found that personally identifiable information such as Clubhouse users' unique ID numbers and chatroom IDs "are transmitted in plaintext," meaning anyone can connect the Clubhouse IDs with the users' profiles.

It also appears that the experts have found a few more security issues, but they did not share them yet with the public to avoid exploitation.

Nevertheless, the SIO has shared alls of its findings to the Clubhouse app, and they will be revealing several other major security issues they have found in the app as soon as the issues have been fixed.

Data Going Through China?

Moreover, the researchers have also found a Chinese connection in the form of Agora, a Chinese company that supplied back-end infrastructure to the exclusive audio-only social media platform, and it appears that the room metadata was allegedly relayed to be hosted in the PRC.

This, as well as the other major loopholes in the Clubhouse's security, means that the Chinese government could potentially acquire raw audio data from the app users and connect them to user profiles.

A spokesperson for Agora did not specifically comment on the company's relationship to the app, but they did say that they have no access to the personal data of those in the app.

Furthermore, they do not store such information as well.

The spokesperson also noted that any an all voice or video traffic generated from outside of China, including in the United States, are not routed through the Asian nation.

Clubhouse Responds

Meanwhile, Clubhouse has also responded to the whole security fiasco, saying that they have accepted all the reports and are working on the solution, which should be available in the coming days.

"Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers," the app said, as per the SIO publication.

The Clubhouse app has also responded to the alleged Chinese connection.

According to the app spokesperson, it has made the "difficult decision" to not make the application available in China given the country's "track record on data privacy."

However, it turns out that some people in the country were able to find a way to download the application via third-party websites, meaning that the conversations they were a part of could have been transmitted via Chinese servers until the app had been banned.

Clubhouse is now rising to fame, with some social media giants trying to copy its audio-only features.

To join the app, people should be invited by a Clubhouse member and be accepted faster, although they could also join the waitlist, but does not guarantee an invite to the exclusive new social platform.

This article is owned by Tech Times

Written by: Nhx Tingson

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics