“The developers of audio chat room app Clubhouse plan to add additional encryption to prevent it from transmitting pings to servers in China,” reports The Verge, “after Stanford researchers said they found vulnerabilities in its infrastructure.” In a new report, the Stanford Internet Observatory (SIO) said it confirmed that Shanghai-based company Agora Inc., which makes real-time engagement software, “supplies back-end infrastructure to the Clubhouse App.” The SIO further discovered that users’ unique Clubhouse ID numbers — not usernames — and chatroom IDs are transmitted in plaintext, which would likely give Agora access to raw Clubhouse audio. So anyone observing internet traffic could match the IDs on shared chatrooms to see who’s talking to each other, the SIO tweeted, noting “For mainland Chinese users, this is troubling.” The SIO researchers said they found metadata from a Clubhouse room “being relayed to servers we believe to be hosted in” the People’s Republic of China, and found that audio was being sent to “to servers managed by Chinese entities and distributed around the world.” Since Agora is a Chinese company, it would be legally required to assist the Chinese government locate and store audio messages if authorities there said the messages posed a national security threat, the researchers surmised… The company told SIO that it was going to roll out changes “to add additional encryption and blocks to prevent Clubhouse clients from ever transmitting pings to Chinese servers” and said it would hire an external security firm to review and validate the updates.
Read more of this story at Slashdot.
Source:
https://tech.slashdot.org/story/21/02/14/208205/after-researchers-raise-spying-concerns-clubhouse-promises-blocks-on-transmitting-to-chinese-servers?utm_source=rss1.0mainlinkanon&utm_medium=feed