Clubhouse to fix security vulnerability due to China snooping concerns

Clubhouse, the popular audio chat room app, said it is reviewing its data protection practices. This follows a report from Stanford Internet Observatory (SIO) that found security vulnerabilities in Clubhouse’ infrastructure that left its user’s data vulnerable to be accessed by the Chinese government.

The SIO confirmed that Agora, a Shanghai-based startup, provided the back-end infrastructure to Clubhouse. The researchers also determined that both a user’s Clubhouse ID number and chatroom ID are transmitted in plaintext over the internet, making it “trivial to intercept”. This would likely give Agora access to raw Clubhouse audio files. 

Potentially this would allow anyone observing internet traffic to match the IDs shared in the chatrooms and see who is talking to one another. SIO said it chose to disclose the security issues as they posed an immediate security risk to Clubhouse’s millions of users, particularly those residing in China.

Many new users from mainland China joined the Clubhouse app where they engaged in discussions on topics that were considered to be taboo including the Xinjiang province detention camps and Hong Kong’s National Security Law. However, their access to the app was eventually blocked on 8 February.

Clubhouse said in a response to SIO that it opted not to make its app available in China. However, some users in China managed to find a workaround to download the app. This means that the conversations they were a part of could be transmitted via Chinese servers.

Even though Agora is jointly headquartered in both the US and China, the company is still subjected to China’s restrictive cybersecurity laws. This means they may be required to assist the Chinese government in any criminal or national security investigation.

Agora, however, claimed it does not store any audio or metadata other than to monitor its network quality and bill its clients. It added that if an audio file is stored on servers in the US, it is highly unlikely the Chinese government would be able to access the data.

A spokesperson from Agora said, “voice or video traffic from non-China based users — including US users — is never routed through China.”

Clubhouse told SIO that it was going to add additional encryption and blocks to prevent its clients from transmitting pings to Chinese servers. It also plans to hire an external security firm to review and validate its updates. 

The app was launched in early 2020 but it only recently saw its user base soar. This started in early February 2021 when Tesla chief executive officer Elon Musk and Robinhood CEO Vlad Tenev held a discussion on the GameStop stock surge incident that shook Wall Street.

That discussion maxed out the platform’s 5,000 person-per-room limit. According to data analytics firm Sensor Tower, this led to over a million Clubhouse downloads in the subsequent 10 days.

Clubhouse is currently free to use and does not run any ads. The company said it plans to add a subscription model in the future. It is currently only available for iPhone users but an Android version of the app is in development.

[SOURCE, 2]

Related reading

Recent Posts

Nissan Kicks e-Power now open for booking in Malaysia, priced below RM130,000

Edaran Tan Chong Motor (ETCM) has announced that the Nissan Kicks e-Power is now open…

2 hours ago

TikTok, Content Forum and UiTM empowers students with Digital Literacy to promote a safer digital space

TikTok in partnership with Communications and Multimedia Content Forum of Malaysia (CMCF) have recently organised…

4 hours ago

Tesla owners in Malaysia can finally use the Autopark feature

Tesla owners in Malaysia have reported that their vehicles can now perform the Autopark feature.…

4 hours ago

Asus ROG Phone 9 series launching in Malaysia on 10th December 2024

After unveiling its latest smartphones, the Asus ROG Phone 9 series, to the world, Asus…

5 hours ago

WhatsApp Voice Message Transcripts converts voice into text

WhatsApp has introduced a new Voice Message Transcripts feature which allows users to easily convert…

11 hours ago

Every Transaction Could Make You a Monthly Millionaire – Here’s How with Maybank’s MAE

This post is brought to you by Maybank. Unlock more than just transactions with MAE’s…

22 hours ago

This website uses cookies.