Security breach on Clubhouse app – clubhouse Security | part 3





Clubhouse has a security problem

According to PhoneArena, Clubhouse, which has generated a lot of noise over the last few months, has security problems. This audio social networking app is only available for iPhone, but it will be available for Android in a while. Clubhouse has now been downloaded more than 10 million times from the App Store and has even attracted the attention of Facebook CEO Mark Elliot Zuckerberg. It is said that Facebook also intends to launch such a service.

It has recently been revealed that Clubhouse has a security problem that can compromise users’ personal information. Clubhouse has announced that users will not be able to record audio on this social network, but hackers have been able to find a way to gain access to the audio in Clubhouse. Last week, Clubhouse audio files were posted on various websites; the interesting thing is that the app does not offer such a possibility, so this should not have happened.

This led to further research into Clubhouse’s security issues. Stanford’s cybersecurity researchers recently released the ID numbers of all users and the ID numbers of training classes. The ID number of the classes seems to be closely related to the profile of the users and their real personalities.

So far, it has been determined that the Clubhouse servers are located in Shanghai, and it is possible that the Chinese government will be able to access users’ information and their audio files.


Why you should worry about your privacy at Clubhouse

Gant said one red flag is that Clubhouse doesn’t use end-to-end encryption.

“Basically the attack surface has increased tenfold with third-party individuals having the ability to intercept these communications or conduct malicious behavior,” he said.

Gant said the app also has national security risks in the form of intelligence gathering.

“You could potentially have people tracking your actions in the app and that’s a concern, even if it’s just some time,” he said.

Even if the company isn’t interested in espionage, Clubhouse sessions could be used to develop user profiles and associated marketing messages. Gartner’s Henein said that audio files of free-form conversations may seem to have little value on the surface, but the data could be used for sentiment analysis.

“As we saw with Cambridge Analytica, innocuous information can be used to influence your decision-making,” he said.

Henein said that this information can be used to design spear phishing attacks.

“Most individuals will use the same password on many accounts, so if one of those providers has an issue, you’ve been compromised across the whole thing,” he said.

According to an article on Inc., the Clubhouse terms of service specify that recordings of the sessions are kept for a short period of time to deal with harassment. If a user reports bad behavior during a session, Clubhouse reviews the session to address the claim.

According to the app’s terms of service, if no incident is reported in a room during a session, Clubhouse deletes the temporary audio recording when the room ends. Also, audio from muted speakers and audience members is never captured, and all temporary audio recordings are encrypted.

Ray said that recordings must be available internally for content review or evidence for actions taken against bad actors to support Clubhouse’s policy of limiting hateful or abusive speech.

“Anything saved on their servers, from content to user info, is potentially vulnerable to a data breach,” he said.

Even though the chances are low that audio could be leaked from Clubhouse, the negative impact is real, Ray said.

“Any regret from errant words in the email, chat messages, social media commentary, ephemeral message services, Tweets or similar will be amplified to roaring levels through voice,” he said. “We speak more quickly than we can think, and voices are infinitely and indelibly more attributable to people and personalities than typed words.”

Ironically, Clubhouse’s policy of not recording the sessions could make it harder to prove that a manipulated audio clip is fake.

“A fake voice recording made from fragments of recorded content can’t easily be disputed when there’s no evidence of the original,” he said.

Five tips for boosting your security on Clubhouse

Kime said that people who decide that joining a new social media platform is important for their business or their brand should take a few steps to lower the related security risk.

First, don’t log in to an app with a Google, Microsoft, or social media account.

“Sure, it’s easy, but you give access to some of the information associated with that account to the other app and you can’t control how long the app retains that data,” Kime said.

Second, always use a unique password and ensure the app is receiving automatic updates.

Third, Clubhouse invites are sent via text and associated with a particular phone number. Kime recommends against using your primary phone number to access the service.

“Consider using a secondary phone number, whether via a separate SIM card or a VOIP number like Google Voice, rather than your primary number for apps like this since the app downloads all of your contacts at this moment,” he said.

Fourth, when you’re using Clubhouse, use a headset or earbuds to reduce the chance of the app picking up audio from family and coworkers.

“Since there is no way to go back and edit out background noise, you don’t want your children’s privacy affected,” he said. “While Clubhouse may not be monetizing user data yet, they likely will in the future.”

Finally, assume that everything said to anyone, regardless of the Clubhouse room type they might be in, will be available to the public, according to Ray of SecureAge.

“They should also avoid using the app as a secure communications tool, however tempting that may become as its popularity and feature set grows,” he said. “Leverage the public outreach, targeted audience potential, and real-time thrills for building business, but don’t run business on it.”

Clubhouse: yet another social network?

3 Pages Posted: 26 Apr 2021

Wadim Strielkowski

Prague Business School; University of California, Berkeley

Date Written: March 08, 2021

Abstract

Clubhouse is the new social networking app that was first launched in April 2020. Envisioned as a live-streaming audio chat without the familiar nuisance of video calls, text messaging, or monetization options, it started positioning itself as an “alternative” social network and quickly gained worldwide popularity. However, one might wonder whether Clubhouse offers anything novel after all. Viewed through the prism of the frequent social network users, it features a mixture of audio podcasting, talk radio, and conference call all wrapped in one package. Moreover, it is difficult to believe it would have achieved such popularity without the COVID-19 pandemic that introduced social distancing and lockdowns.

Keywords: social networks, Clubhouse, COVID-19, socializing, pandemic, human contact, digital media

JEL Classification: A13, D91, L82

Strielkowski, Wadim, Clubhouse: Yet Another Social Network? (March 08, 2021). Available at SSRN: https://ssrn.com/abstract=3832599 or http://dx.doi.org/10.2139/ssrn.3832599



Professor Siavosh Kaviani was born in 1961 in Tehran. He had a professorship. He holds a Ph.D. in Software Engineering from the QL University of Software Development Methodology and an honorary Ph.D. from the University of Chelsea.


Nasim Gazerani was born in 1983 in Arak. She holds a Master's degree in Software Engineering from UM University of Malaysia.


Somayeh Nosrati was born in 1982 in Tehran. She holds a Master's degree in artificial intelligence from Khatam University of Tehran.

Sr. Product Owner (PO) & Sr. BSA at Farmers Insurance Group, Agoura Hills, California, United States

Executive-level IT strategist with over 20 years of experience in successful IT, product management, and business information systems initiatives. Senior liaison and progressive leader with the ability to plan broad-ranging initiatives while understanding impact and requirements from both business and technology perspectives. Strong employee advocate dedicated to aligning staff skills with product needs, and mentoring personnel in growing skills and career paths. Well-versed in a variety of design, development, and project management methodologies (i.e. SAFe Agile/Scrum, Lean Six Sigma, CMMI, UML, etc.), with a talent for guiding business process improvement through the adoption of industry best practices and standards.
