Clubhouse confirms security breach after getting siphoned off of its audio chats


Clubhouse, the iOS application accessible by invitation where the self-esteem of the start-up nation reigns, would do well to call on experts to secure the conversations it hosts.
While she was boasting a few days ago of having implemented solutions to prevent hackers or spies from stealing user data, a hacker decided to put the application in front of a fait accompli by proving it opposite.

This unidentified user managed over the weekend to siphon audio broadcasts from several rooms from Clubhouse, to stream them directly to its own website.
To carry out his operation, he simply used the same JavaScript toolbox that was used to compile the Clubhouse application.

The information was confirmed by a spokesperson for the application who also indicated that Clubhouse had banned this user permanently and that new safeguards had been put in place to prevent such a situation from happening again. .

Also to discover in video:

Also to discover in video:

Since the release of the application and its meteoric success, experts have looked into the security of the application. And the finding is clear. Last week, the Stanford Internet Observatory, which was already worried about the potential security breaches of the application, indicated that the identifiers of users and Rooms passed through the web in their raw form, without any encryption being provided.
It also indicated that users had to use the application on the assumption that all conversations held there were recorded.

The observatory also revealed that the server part of Clubhouse was managed by Agora Inc., a Chinese start-up based in Shanghai, which declares that it only temporarily stores raw audio data on its servers without having to know the duration. For Alex Stamos, director of WIS, “Clubhouse is not in a position to make promises regarding the confidentiality of conversations taking place anywhere in the world”.

Source : Bloomberg


Source: Sécurité – 01net by www.01net.com.

*The article has been translated based on the content of Sécurité – 01net by www.01net.com. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!