Clubhouse promises fix after audio insecurely streamed from third-party website

Source: The Verge added 22nd Feb 2021

  • clubhouse-promises-fix-after-audio-insecurely-streamed-from-third-party-website

Clubhouse has confirmed one of its users was able to siphon off audio feeds from the invitation-only app and make them accessible from a third-party website, raising security concerns about the fledgling service. A Clubhouse spokesperson told Bloomberg that “multiple rooms” were affected, and that the user behind the breach had been “permanently banned.” It said “safeguards” have been put in place to prevent a repeat, though it reportedly declined to provide specific details.

The incident is a reminder for Clubhouse users to be careful about sharing sensitive information in conversations held via the invite-only iOS app. This is especially important for any Chinese citizens or dissidents using the app, or any users concerned about state surveillance. Although Clubhouse is blocked in China, users are reportedly still able to access the service via VPNs.

This latest security incident comes a week after Clubhouse was criticized for vulnerabilities in its infrastructure. A report from the Stanford Internet Observatory found that users’ unique Clubhouse ID numbers and chatroom IDs were transmitted in plaintext, which could theoretically allow an outside observer to work out who’s talking to who on the app. Clubhouse also uses Shanghai-based Agora Inc, for its back-end infrastructure. As a Chinese company, Agora has a legal obligation to assist Chinese authorities in locating the source of audio if it’s deemed to pose a national security risk, the SIO said.

In response to last week’s report, Clubhouse said it plans to add additional encryption and blocks to prevent the service from pinging servers based in China, and that it would be hiring an external security firm to review the updates. Agora told the SIO that it only stores user audio or metadata when required for billing and network monitoring purposes. In a statement to The Verge, Agora said it “does not have access to, share, or store personally identifiable end-user data,” and that it does not route “voice or video traffic from non-China based users” through China.

Read the full article at The Verge

brands: Especially  It  One  party  The Source  Unique  WAS  
media: 'The Verge'  
keywords: App  Audio  Internet  IOS  Review  

Related posts


Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88

Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 88

Related Products



Notice: Undefined variable: all_related in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/rondea.com/httpdocs/wp-content/themes/rondea-2-0/single-article.php on line 91