It has been reported that chatroom app Clubhouse has a critical security flaw which allows an unidentified user to stream Clubhouse audio feeds from “multiple rooms” into their own third-party website. The company responded by permanently banning the unidentified user and has installed new security controls to prevent the flaw.
Experts Comments
Clubhouse wants to bring communities together by enabling individuals to discuss common interests and learn more about new topics. The trouble is that the audio data is built on a Chinese-based platform, which means some of that data is sent back to China.
It’s alarming that platforms like this are built on leveraging coarse data transfer practices that users accept when they install these apps. Consumers trust their mobile devices and the apps on them to be inherently secure. This may
Despite the exclusivity of Clubhouse being available on an invite-only basis and limited to iOS devices, its popularity has surged over the last year. Therefore, it is unsurprising to see that individuals have found a way to reverse engineer the Clubhouse API and subsequently publish open source tools that can be used to extract audio from rooms and ultimately develop a clone of the app for Android devices.
In this case, the user's intentions were clear: they wanted to use the application
Clubhouse is still in its early phase and like with many applications, privacy of its users is often an afterthought. Similar to when Zoom usage went through the roof, Clubhouse is experiencing a huge uptake and learning as it goes. Far too often security and privacy of a start up’s userbase is seen as not as important as growth of the company. However, without the right protection in place there is arguably no longevity.
Companies need to do more in investing the right amount of resources
Clubhouse is currently riding a wave of popularity and as it works to rapidly scale to meet demand, the company may have been less focused on user security. Its ‘by invite only’ model may also create a furtive breeding ground for future cyber-criminal activity, such as fake ‘invitation links’ directing users to malicious downloads.
As the line blurs between the use of devices for personal and work use, businesses should cautiously examine which apps employees use on work devices to understand
The Clubhouse data spillage incident looks like yet another example of security based purely on authenticating the user. As we have seen over and over again, you can't keep scripts and bots out of your business unless you know what you are communicating with as well as who. It is therefore essential to authenticate both the user and the mobile app before granting access to your platform.
The data leakage from audio chat app Clubhouse appears to hinge on a lack of proper authentication and a lack of end-to-end encryption. Add in the challenge of relying on 3rd party infrastructure and potentially their security as well, and it is easy to understand how something like this can happen. To be secure and private, applications must have their security baked in from the start. It needs to be embedded at every level, from the communications protocols up through the user interface.
Clubhouse is a platform for social communication; most risks associated with the platform that are raised relate to privacy, essentially something the platform already has issues with managing and addressing according to, amongst others, the German data protection authorities.
Personally, I have not spent an ounce of effort looking into the platform and how it works, but I think we can all agree that there is room for doubt that for a company that forgot to address GDPR in its terms and
The Clubhouse data breach has once again brought mobile app security vulnerabilities into the spotlight. As Clubhouse quickly gained funding and popularity over the past several months, it has become the next hot social media app - but in that short time, it has also proven that it lacks data security and transparency with consumers. This breach reinforces that it's critical for people to understand where their data is being sent, how it is secured, and what resources the application is accessing on your mobile device. The backlash that Clubhouse will experience will erode consumer confidence and put other popular apps under a microscope, and it's up to the industry to come together to remedy its reputation and lead the way in security and transparency. We already see regulations entering the consumer IoT and federal IoT markets; security and privacy in the mobile space is the next logical target if things do not get better.
@Brad Ree, CTO, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
https://informationsecuritybuzz.com/expert-comments/security-a-glaring-issue-for-chatroom-app-clubhouse-after-conversations-were-breached