image
At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that over the weekend a user was able to breach “multiple” ClubHouse room audio feeds and stream them on a third-party website. A company spokeswoman told Bloomberg the user has been banned and that “safeguards” have been put in place. Another user, located in mainland China, meanwhile wrote code that allows anyone to listen in on ClubHouse conversations without the required invitation code, and posted it on GitHub, Silicon Angle reported. That, along with other malicious code designed to breach Clubhouse, have been blocked, according to the outlet. Clubhouse’s Agora Platform The heart of Clubhouse’s security woes is its backend “real-time voice and video engagement platform” provided by Shanghai-based startup Agora. Clubhouse web traffic is directed to Agora’s server in China, including personal metadata, without encryption, according to the Stanford Internet Observatory (SIO), which was the first to raise the alarm about ClubHouse’s privacy and security protections on Feb. 12. Because Agora is based in China and Silicon Valley, it is subject to cybersecurity laws of the People’s Republic of China, which the company acknowledged could require it to assist the government in investigations…

Source