The security difficulties of the popular Club House grow

The popular social network for audio communication has grown enormously so far this year. Its official launch was in April of last year, by January 2021 it already had 2 million users, but by the end of February there were already 10 million users. These figures are surprising if we take into consideration two important facts about the social network: (i) its access is only possible by invitation (being that each user can only invite 2 people), (ii) it is only available for Apple devices.

With these restrictions, it was to be assumed that the social network does not have a very large audience level, but, on the contrary, it has shown to have a fairly wide range of growth. This is probably due to the valuable information that is shared and discussed in boardrooms or discussion forums and the famous speakers that everyone wants to hear (Elon Musk, Bill Gates, etc.).

However, as happened to Zoom last year, the popularity of the social network brings with it to expose the design flaws that they could have. In that sense, the security researcher, Robert Potter, pointed to Wired"with smaller and newer social media platforms, we should be on guard regarding our data, especially when they experience huge growth and test many of the controls (…) the level of exposure increases, the threat increases, the number of people polling your platform increases".

So, we are clear that the novelty and popularity bring him imminent risks, but has something specific happened? Unfortunately yes. Apparently, recently researchers from the Stanford Internet Observatory identified that the social network was transmitting the ClubHouse user identifiers and the identification numbers of the chat rooms without encryption, with which, said information could be obtained by any third party that you might have known about this vulnerability.

On the other hand, according to Bloomberg, part of the social network infrastructure is managed by the Shanghai-based startup Agora Inc., with which, it is possible that certain sensitive information could be received in that city, exposing itself to surveillance situations by the Chinese government . However, Agora pointed out that “does not store or share personally identifiable information"

Similarly, it appears that Clubhouse did not have anti-scrapping security (to prevent the extraction or copying of information), as it was discovered that a third-party website had compilations of the audios produced in the meeting rooms (which were assumed, they are not stored, and can only be heard live, by users connected to the meeting room in question). Supposedly, the intention was that this information can reach more people, but the means to do so cannot violate the security terms offered by Club House. This is precisely why this social network must be working to correct such security flaws.

- Advertising Notice-
Marilú Lazo
Lawyer from the Pontificia Universidad Católica del Perú (PUCP). Director of The Crypto Legal Blog, she has experience in corporate advice, consumer protection, as well as in matters of personal data protection and new technologies.

Similar

1,954Happy fans
514FollowersFollow
91FollowersFollow

Subscribe

*All fields are required
es Spanish
X