The security hole in the clubhouse would allow spying from China

The social network Clubhouse, which specializes in live conversations and has become the first major social phenomenon of 2021, has announced that it will improve its security after learning that the identification number (not the user’s name) of a Account about a security flaw in the infrastructure used by the social network, which is provided by a signature of this country.

Clubhouse will expand in-app encryption to protect users in China in particular

After discovering the vulnerability, Clubhouse announced the implementation of additional encryption measures to prevent Clubhouse customers from transmitting information to servers in China. In addition, Clubhouse will hire an outside security team to review and validate updates.

It was the Stanford Internet Observatory (SIO) that discovered a bug in the Shanghai-based Agora, which provides the final infrastructure and real-time management software for the clubhouse app. This error enables the unique identification number of the clubhouse users, This is not the same as your username, but it is still a security issue.

Through this information, reflected in plain text format, the user ID could be analyzed, the data compared to information about who is chatting in each room, and then the user could be identified. According to SIO, this is something particularly tricky Users from China.

And the fact is that in this country the use of the clubhouse has been banned and there would be legal ramifications for any citizen discovered through this social network, even through a VPN. In fact, SIO researchers have discovered metadata maintained by Agora in a clubhouse room from servers owned by the Chinese Communist Party. And since Agora is a company founded on Chinese soil, if requested by the Chinese government, it would be legally required to cooperate in identifying users.

Agora has informed SIO that its work is limited to monitoring the quality of the network and has stated that it has no direct access to user data and does not store user audio or their metadata. Because the audio is also stored on servers in the United States of America The Chinese government couldn’t agree to them. Agora also ensures that video and audio content from users outside of China is never routed through that country.

At the clubhouse, they point out that when they presented the app, given the potential privacy issues in China, they decided that the application will not be available in that country. Despite this fact, some users found a way to use it from there until the app was recently blocked.

Click to rate this entry!
(Votes: 0 Average: 0)

Leave a Comment