Security researchers have found a serious security flaw in the Clubhouse app that was exploited by a hacker.
A Bloomberg report found that a hacker was able to break into the service and listen in on conversations over the weekend.
The user, who is believed to be based in China, was able to acquire audio streams from the app through a website he created himself. The company has now banned the user and claimed to have implemented new “guarantees” to prevent future unauthorized access.
The hacker was discovered when cybersecurity experts noticed that audio and metadata were being transferred from Clubhouse to another site. They then found that the attacker had built a system around the JavaScript toolkit that was used to build the Clubhouse app to accomplish this.
The security flaw was recently discovered by the Stanford Internet Observatory (SIO). The SIO found that personally identifiable information, including Clubhouse and chat room user IDs, was being transmitted in the clear. It was also possible to get raw audio files.
This incident comes a week after Clubhouse announced that it would toughen security measures, including preventing the app from “pinging” Chinese servers and adding encryption to protect conversations.
Obviously, the measures that Clubhouse had planned were not enough or have not yet been implemented. According to SIO researcher Jack Cable, the company has refused to disclose what additional measures have been taken to avoid breaches like this in the future.
In response to the SIO report, Clubhouse said it has no servers in China as the app has not officially launched in the country. It added that some users in China have found a workaround to install the app and “the conversations they were part of could be streamed via Chinese servers.”
It is possible that the incident will encourage other hackers, so if you really want to continue using Clubhouse, we advise you to use a password that you use only for this social network, different from the one on any other site or service. That way, any targeted hacking of user accounts will still leave you “safe” on other sites.