Clubhouse – the audio application for invitation only, best known for courting everyone Elon Musk to Mark Zuckerberg—He promised to implement new safeguards after suffering a second high-security snafu this month.
Sunday, a Clubhouse spokesman confirmed to Bloomberg that an unnamed user in the application successfully managed to siphon audio streams from “multiple cameras” and stream them to a third-party site owned by that user. The news came after security researcher Robert Porter he tweeted screenshots of the site in question. He pointed out that while the scraper in this case did not seem to have any malice in mind here, the exploitation was certainly available to “the worst performers”.
The Clubhouse team told Bloomberg that the user behind the audio scraper was “permanently banned” from the platform and that it is installing certain “safeguards” to prevent this type of camera recording from falling into the wrong hands again. That being said, the company declined to tell Bloomberg what those specific guarantees are.
This is not necessarily auspicious for people who may be concerned about the privacy of their Clubhouse chats. Sure, the account behind the project could be forbidden and this special exploit used for audio siphoning may no longer work. The company has yet to fight Another 300 open source projects currently trying to access the platform. And that number is growing every day.
G / O Media may receive a commission
Not to mention that this story happens just one week after the Stanford Internet Observatory gave up bomb report which means that some user data – including raw audio streams – was processed using the Shanghai Agora initiative, which had the ability to intercept that audio and store it for its own purposes. Like the Trump administration tirade against TikTok taught us all, data stored on mainland Chinese soil are subject to certain national cybersecurity laws that dictate that the Chinese authorities have free access to this data if it is considered a threat to national security.
Considering how Clubhouse has become something of a success in China, as citizens felt that the app was beyond touch state surveillance, you can imagine why last week’s revelation could have had a terrible effect. And while Clubhouse, at the time, promised to be “deeply committed to data protection and user privacy,” the latter security issue raises questions about how far that commitment goes.
We’ve contacted Clubhouse about this weekend’s security incident and we’ll update here when we hear.