Clubhouse to fix security vulnerability due to China snooping concerns

Clubhouse, the popular audio chat room app, said it is reviewing its data protection practices. This follows a report from Stanford Internet Observatory (SIO) that found security vulnerabilities in Clubhouse’ infrastructure that left its user’s data vulnerable to be accessed by the Chinese government.

The SIO confirmed that Agora, a Shanghai-based startup, provided the back-end infrastructure to Clubhouse. The researchers also determined that both a user’s Clubhouse ID number and chatroom ID are transmitted in plaintext over the internet, making it “trivial to intercept”. This would likely give Agora access to raw Clubhouse audio files. 

Potentially this would allow anyone observing internet traffic to match the IDs shared in the chatrooms and see who is talking to one another. SIO said it chose to disclose the security issues as they posed an immediate security risk to Clubhouse’s millions of users, particularly those residing in China.

Many new users from mainland China joined the Clubhouse app where they engaged in discussions on topics that were considered to be taboo including the Xinjiang province detention camps and Hong Kong’s National Security Law. However, their access to the app was eventually blocked on 8 February.

Clubhouse said in a response to SIO that it opted not to make its app available in China. However, some users in China managed to find a workaround to download the app. This means that the conversations they were a part of could be transmitted via Chinese servers.

Even though Agora is jointly headquartered in both the US and China, the company is still subjected to China’s restrictive cybersecurity laws. This means they may be required to assist the Chinese government in any criminal or national security investigation.

Agora, however, claimed it does not store any audio or metadata other than to monitor its network quality and bill its clients. It added that if an audio file is stored on servers in the US, it is highly unlikely the Chinese government would be able to access the data.

A spokesperson from Agora said, “voice or video traffic from non-China based users — including US users — is never routed through China.”

Clubhouse told SIO that it was going to add additional encryption and blocks to prevent its clients from transmitting pings to Chinese servers. It also plans to hire an external security firm to review and validate its updates. 

The app was launched in early 2020 but it only recently saw its user base soar. This started in early February 2021 when Tesla chief executive officer Elon Musk and Robinhood CEO Vlad Tenev held a discussion on the GameStop stock surge incident that shook Wall Street.

That discussion maxed out the platform’s 5,000 person-per-room limit. According to data analytics firm Sensor Tower, this led to over a million Clubhouse downloads in the subsequent 10 days.

Clubhouse is currently free to use and does not run any ads. The company said it plans to add a subscription model in the future. It is currently only available for iPhone users but an Android version of the app is in development.

[SOURCE, 2]

Related reading

Recent Posts

Honor X9c 5G Malaysia: More durable than ever before, priced from RM1,499

Honor has officially launched the Honor X9c 5G here in Malaysia. Despite featuring similar internals…

45 mins ago

Xiaomi’s first clamshell foldable smartphone redefines style in a compact yet powerful form

This post is brought to you by Xiaomi. Combining cutting-edge technology with a sleek, foldable…

2 hours ago

GXBank to rollout GX FlexiCredit this month, GX Biz Banking for MSME coming soon

During its GX 2.0 event, GXBank revealed its new digital financial products aimed at helping…

3 hours ago

GX 2.0: GXBank continues to offer unlimited cashback with some tweaks

GXBank turns one and they have revealed its latest features and initiatives for its next…

4 hours ago

MG ZS EV now available for RM99,999: The cheapest electric SUV in Malaysia

You can now get an MG ZS EV for as low as RM99,999, making it…

5 hours ago

Prime Minister’s Department: Over 1,500 cyberattacks launched at ministries’ infrastructure systems

There have been over 1,500 cases of cyberattacks launched against Malaysian ministries' infrastructure systems in…

10 hours ago

This website uses cookies.