
Clubhouse suffers 'data breach' after third-party developer designs app for Android users - SiliconANGLE News

https://ift.tt/2KSW0PQ

The hot audio-based social app Clubhouse has apparently suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone users to access the invite-only, iPhone-only service.

Launched in March 2020, Clubhouse is an audio-based social app that allows users to join group chats spontaneously. It raised $100 million in funding in January. Despite being available only to Apple Inc.’s users, it has managed to gain a lot of buzz, not dissimilar to the early days of Twitter Inc.

In the case of the main Clubhouse breach, a programmer in mainland China designed and made available open-source code on GitHub, owned by Microsoft Corp. since 2018. The developer said the app was designed to allow anyone to listen to audio on Clubhouse without an invite code, with access to various personal sessions.

This app, along with other forms of third-party access, some apparently originating from Hong Kong, has now been blocked. Notably, the developer of the Clubhouse Android app on GitHub writes in simplified Chinese, while Hong Kong uses traditional Chinese script.

An “unidentified user” was also able to stream audio feeds over the weekend from “multiple rooms” into the person’s own third-party website, but was then “permanently banned.” This is a different compromise from the Android GitHub application. Reema Bahnasy, a spokeswoman for Clubhouse, told Bloomberg that the company has added “safeguards” to prevent audio from its service from being accessed by third parties again.

John Furrier, founder and chief executive officer of SiliconANGLE Media Inc., who has been digging into Clubhouse and noticed the leak of chats, noted that one of the alleged hacks — the one out of Hong Kong — involves bricking an iPhone, reverse-engineering the Clubhouse application and then using a bot’s “malicious code” to access the various streams and share them. “Then the program calls the Agora backend as it traverses the room IDs,” Furrier explained. “If Clubhouse bans the bot, another iPhone takes its place.”

One big problem Clubhouse has is that it’s built upon a service from Shanghai-based Agora Inc. to do things such as managing its data traffic and audio production. Alex Stamos, a former Facebook Inc. executive who now heads the Stanford Internet Observatory, raised some security issues back on Feb. 12. He reiterated those concerns Saturday night in a Clubhouse chat with Furrier.

For its part, Agora provided no comment to Bloomberg, saying it doesn’t “store or share personally identifiable information” for any of its clients, adding, “We are committed to making our products as secure as we can.”

Furrier added that although the access was intentional, it was not necessarily malicious. “Some are suggesting in the cybersecurity community that this is happening at many other levels of government,” he said, adding that one expert advised that “all users should assume all conversations are being recorded.”

There are other security concerns surrounding Clubhouse. Lourdes Turrecha, founder and CEO of privacy consulting firm PIX LLC, wrote on Medium that Clubhouse rolled out its app without much regard for privacy. Turrecha claims that Clubhouse collects not just its users’ personal information but also their contact information. Further, Turrecha says, Clubhouse also accesses users’ Twitter account information without explaining why.

There could be implications for businesses that use Clubhouse as well. Advisedly or not, one hedge fund manager in one Clubhouse room was having meetings on the service, and is now “freaking out,” Furrier noted.

The concerns even extend to safety of users, especially in countries where governments such as China keep a tight watch on people’s activities online. Many people using Clubhouse may assume their chats are private.

The incidents provide yet another wakeup call for services that suddenly explode in popularity before security kinks get worked out, Katie Moussouris, founder and CEO of the new security startup Luta Security, which provides advice on sustainable vulnerability disclosure and management, told Furrier.

“Where I think we have a lot to learn from this is that well-funded, popular platforms with millions of users still don’t invest as heavily in security, privacy and safety as they should,” she said. “We’re not talking about a scrappy open-source project that got unexpectedly popular and didn’t have the bandwidth to work on better security and privacy architecture, or at least better warnings about the limitation of the expectation of the privacy of conversations, and longevity of possible recordings outside of their control.”

Moussouris also issued a warning for tech companies that don’t take enough care: “Today’s Clubhouse data routing through China while optimizing for maximum social graph is tomorrow’s congressional inquiry of another runaway tech giant, too big and too late to regulate,” she said.

Despite the issues, Clubhouse is already spurring apparent copycats. Facebook reportedly is working on a similar service.

Images: Opench




"Android" - Google News
February 22, 2021 at 12:29PM
https://ift.tt/37BfdBa
