The popular audio-only iPhone app “Clubhouse” confirmed that it experienced a massive data leakage on Sunday. The app is designed to allow users to join and participate in pop-up public or private audio chat rooms. The app also guarantees that the conversations are not recorded and must be experienced live. US cyber-security researchers tweeted that a user had found a way to stream audio to another website. Clubhouse has told its users that it has installed new “safeguards” to prevent conversations from being streamed again.
Clubhouse Verifies Data Leakage Out Of Their Audio Routes.
David Thiel, who is the chief technology officer of the program, claimed that the data spill was not malicious or a hack, but was more like a violation of the terms of service by the user. This assessment was supported by Australian cyber-security researcher Robert Potter, who built the Washington Post’s cyber-security operations center. He explained that a “data spillage” differs from a “data breach” in that data breaches are deliberate and usually carried out by someone hacking into a system to steal data. This incident was first reported by the Stanford University Internet Observatory.
For starters, data spillage is often defined as an incident whereby confidential information is released into an environment that is not authorized to have access to the information. According to Mr. Potter, the incident occurred because a user had realized that it was possible to be in multiple chat rooms at once. By understanding how this worked, the user could connect a Clubhouse API to his website, and essentially “share” his login remotely with anyone on the internet who wanted to listen to the audio chats from the app.
Mr. Potter told the BBC that “if you’re popular, people will make a third-party app that scrapes data from the service, for example, all the third-party programs that scrape information from Twitter.”
Under the leadership of Facebook’s former security chief Alex Stamos, Clubhouse made assurances that user data could not be stolen by cyber-criminals or state-sponsored hackers, in response to a warning from Stanford University’s Internet Observatory. Stanford’s cyber-security researchers identified numerous security flaws, including the fact that users’ unique ID numbers and the ID numbers of the Clubhouse chat rooms they created were being transmitted in plaintext, and that it could be possible to connect IDs to specific user profiles.
Another point of concern is that the back-end infrastructure is provided by a real-time engagement API firm called Agora, which has offices in both Shanghai and San Francisco. This made the researchers concerned that the Chinese government could gain access to the raw audio files on Clubhouse’s servers. Agora went public on Wall Street in June, and in its filing with the SEC it mentioned that in China it would be required “to provide assistance and support following the law for public security and national security authorities to protect national security or assist with criminal investigations”.
The Stanford Internet Observatory not only reported the spill; it also disclosed the security flaws on 12 February, saying it was working with the app firm to improve its security. This is also not the first report of data leaking from the app, and it reflects one of the major issues of this era: users are already using the video and audio recording functions on their devices to capture conversations held by celebrities like Elon Musk and Kevin Hart and uploading them to YouTube.
Mr. Thiel tweeted that this is against the app’s terms of service, but it does mean that no one should expect their conversations to be private. “Consider Clubhouse chats to be semi-public, given issues with Agora and the fact we all have microphones,” he said.
But Mr. Potter is of the opinion that the problem is more that Clubhouse is young and still immature as a service. He said, “I feel like there’s a bunch of users who got enthusiastic because it’s a new thing and because you need an invitation, the conversations must be private.” He also said, “It happened with Zoom and Toktok – again and again, we see an app that has high growth, it goes viral, and then they have a privacy problem, or they find lots of problems that weren’t so big a deal when they were smaller, and cyber-security comes later.”
He added that consumers needed to be realistic about what services do with their data.
“I think people just need to realize that the privacy and cyber-security of newer social media platforms aren’t going to be as good as mature ones,” said Mr. Potter.
“If you’re going to be an early adopter and try out new apps and new smartphones, there’s going to be bugs,” says the tech pioneer.