Clubhouse, which is a social media app that was launched less than a year ago, requires an invite, involves audio-only chats, and for now, it is free. It has caught the attention of bigshot players such as Tesla CEO Elon Musk and Facebook Inc.
The Chinese communist government has even gone ahead and blocked it in the country.
This is an iOS-only app and as soon as you enter, you can start or listen into conversations on a whole host of topics, and with a range of people from celebrities to thinkers and influencers. Now, there are no posts, photos, or videos, only people’s profile pictures and their voices.
However, Clubhouse has some serious security flaws. In a statement, the company said that “With the help of researchers at the Stanford Internet Observatory, we have identified a few areas where we can further strengthen our data protection,”.
“Over the next 72 hours, we are rolling out changes to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers. We also plan to engage an external data security firm to review and validate these changes,” a report from Reuters claimed.
Clubhouse has not responded to any request from Reuters for further comment on Saturday.
The Stanford Internet Observatory (SIO) said that the infrastructure of Clubhouse is provided by Agora, a Shanghai-based company that provides “real-time engagement software.” It was also discovered the unique Clubhouse ID number of a user and their chatroom ID were shown in plaintext, which potentially makes users traceable.
There were also suggestions that Agora was potentially able to access a user’s raw audio. When the app was monitored, the app uncovered instances where room metadata was relayed to servers that were hosted in China. The audio was routed through servers managed by Chinese entities.
As a result of SIO’s thorough investigation, Clubhouse will be having backend changes. The report ends with a statement from Alpha Exploration that runs through the plans. SIO disclosed the security issues as they are both “relatively easy to uncover and because they pose immediate security risks to Clubhouse’s millions of users, particularly those in China,” a blog post reads.