Tuesday, 16 February 2021

Clubhouse rushes to fix security flaws possibly giving government access to unfiltered data

Clubhouse is the newest kid on the block, one that has not only punched above its weight but also has industry leaders like Facebook and Twitter scampering to clone it. While the new invite-only, audio-focused social media app has been attracting all the headlines with some marquee celebs joining the platform, it has earned a ban in China in the interim.

Now security researchers have unearthed a Chinese connection and have suggested that the platform may have some serious security flaws that could lead to the Chinese government getting access to users’ raw audio data.

Security experts at the Stanford Internet Observatory (SIO) have found that personally identifiable information is sent unprotected, noting that a “user’s unique Clubhouse ID number and chatroom ID are transmitted in plaintext,” which in turn can possibly allow anyone to connect Clubhouse IDs with users’ profiles.

Apart from this, other security flaws that SIO identified have been shared with Clubhouse and will be disclosed once they are fixed or after a stipulated time, the Observatory confirmed.

It was also found that a Chinese company called Agora supplied back-end infrastructure to the Clubhouse app and that room metadata was reportedly relayed to and hosted in the PRC. This, coupled with the security loopholes that have already been shared with the drop-in audio chat platform, could allow the Chinese government not only to access the raw audio files but also to identify users individually.

An Agora spokesperson did not comment on the company's relationship with Clubhouse but said that the company does not have access to personal data, nor does it store any such information. It also stated that any voice or video traffic generated by users outside China, including US users, is not routed through China.

Clubhouse responds

Clubhouse, on the other hand, stated that it had made a conscious decision not to make the application available in China due to the lack of data privacy in the country. However, some users sideloaded the application and used it to participate in conversations before it was blocked by the Great Firewall.

In a prepared statement it said, “Given China’s track record on data privacy, we made the difficult decision when we launched Clubhouse on the Appstore to make it available in every country around the world, with the exception of China. Some people in China found a workaround to download the app, which meant that—until the app was blocked by China earlier this week—the conversations they were a part of could be transmitted via Chinese servers.”

Regarding the security flaws, it acknowledged the issues and stated that it would roll out updates in the next 72 hours to fix the highlighted issues and beef up the security measures on the platform. It said, “Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers.”

To recall, Clubhouse’s user base and valuation have soared multi-fold over the last couple of months, taking the overall valuation to above $1Bn, and it has become one of the hottest tech startups in the social media scene.

https://ift.tt/3qpZZGD
