US cybersecurity researchers have revealed that a user who is a member of the Clubhouse app was able to broadcast conversations from chat rooms on another site. Clubhouse, which acknowledged the issue, announced that it had closed the account of the user in question and taken new measures to prevent this from happening again.
OFFICIAL SAYS IT WAS A BREACH OF CONTRACT
The incident was first noticed by the Stanford University Internet Observatory. After the observatory’s announcement, David Thiel, head of Clubhouse’s technology unit, said that this was not a hack or a vulnerability, but a user’s breach of the user agreement.
Australian cyber security expert Robert Potter, who founded the Washington Post’s cyber security operations center, also believes that this statement reflects the truth. The reason is that the vulnerability was not caused by an attacker entering the system and stealing information, but by information being spread in a place where it is not allowed to spread. The person exploiting this vulnerability first realized that it was possible for him to enter more than one chat room at the same time.
“IF THE APPLICATION BECOMES POPULAR, PEOPLE WILL TRY TO SCRAPE DATA”
He then set up a website and made his own account available to everyone on the site. Thus, those who entered the site could enter the chat rooms and listen to the topics they wanted, as if they were using the application. “If your app becomes popular, people will try to scrape data from your service with third-party apps,” Potter told the BBC.
SECURITY CONCERNS ABOUT CLUBHOUSE
The Stanford University Internet Observatory, headed by Facebook’s former security manager Alex Stamos, warned that user data in Clubhouse could be stolen by cybercriminals or government-sponsored hackers, and the company took the necessary precautions.
Stamos said that the numbers assigned to users and chat rooms are kept unencrypted and that it is possible to match them. The researchers emphasized that the Chinese state might also be able to access Clubhouse’s audio recordings.
Agora, the company that provides some of the application’s server infrastructure, has offices in San Francisco and Shanghai. When it went public on the New York Stock Exchange in June, the company announced that “it may be required to share information with the Chinese government as a result of a request to protect national security or assist with investigations.”
USERS CAN RECORD AND PUBLISH THE CONVERSATIONS IN THE ROOMS
In addition to concerns about the data security of the Clubhouse app, many users are also able to record and post the conversations in the rooms they enter, thanks to the screen or speaker recording features of their phones.
Clubhouse’s technology manager Thiel wants users to keep in mind that they are speaking in a “semi-public space”:
“Do not ignore this, both because of Agora and because everyone can have a recording device in their hands.”
Potter, on the other hand, says that various security vulnerabilities were found in applications such as Zoom and TikTok, which had also quickly become popular, and that being one of the first people to use new applications carries such risks.