38.5 F
New York
Sunday, March 7, 2021

-

Home News A race to reverse engineer Clubhouse raises security concerns – TechCrunch

A race to reverse engineer Clubhouse raises security concerns – TechCrunch

Document Analysis NLP IA

976
WORDS

WORDS
4:52
Reading Time

Reading Time
neutral
sentiment

Sentiment0.079527417027417
objective
redaction

Subjectivity0.39120971620972
not certain if it's an affirmation
Affirmation0.23739495798319

Highlights

RELEVANT
FREQ, RAKE or TFIDF
Entity
ORG
Entity
PERSON
Entity
PRODUCT
Entity
OTHER
Key Concepts (and relevance score)

Summary (IA Generated)

As live audio chat app Clubhouse ascends in popularity around the world, concerns about its data practices also grow.

The app is currently only available on iOS, so some developers set out in a race to create Android, Windows and Mac versions of the service.

While these endeavors may not be ill-intentioned, the fact that it takes programmers little effort to reverse engineer and fork Clubhouse — that is, when developers create new software based on its original code — is sounding an alarm about the app’s security.

The common goal of these unofficial apps, as of now, is to broadcast Clubhouse audio feeds in real-time to users who cannot access the app otherwise because they don’t have an iPhone.

” The developer confirmed to TechCrunch that Clubhouse blocked its service five days after its launch without providing an explanation.

Another similar effort came from a developer named Zhuowei Zhang, who created Hipster House to let those without an invite browse rooms and users, and those with an invite to join rooms as a listener though they can’t speak — Clubhouse is invite-only at the moment.

These third-party services, despite their innocuous intentions, can be exploited for surveillance purposes, as Jane Manchun Wong, a researcher known for uncovering upcoming features in popular apps through reverse engineering, noted in a tweet.

“Even if the intent of that webpage is to bring Clubhouse to non-iOS users, without a safeguard, it could be abused,” said Wong, referring to a website rerouting audio data from Clubhouse’s public rooms.

Clubhouse lets people create public chat rooms, which are available to any user who joins before a room reaches its maximum capacity, and private rooms, which are only accessible to room hosts and users authorized by the hosts.

But not all users are aware of the open nature of Clubhouse’s public rooms.

Eavesdropping is made possible by establishing communication directly with Agora, a service provider employed by Clubhouse.

As multiple security researchers found, Clubhouse relies on Agora’s real-time audio communication technology.

To make the request, the user’s phone contacts Clubhouse’s application programming interface (API), which then creates “tokens”, the basic building block in programming that authenticates an action, to establish a communication pathway for the app’s audio traffic.

Now, the problem is there can be a disconnect between Clubhouse and Agora, allowing the Clubhouse end, which manages user profiles, to be inactive while the Agora end, which transmits audio data, remains active, as technology analyst Daniel Sinclair noted.

That possibility, as the Stanford Internet Observatory points out, is contingent on whether Clubhouse stores its data in China.

Tests by TechCrunch find that users currently need a VPN to join a room, an action managed by Clubhouse, but can listen to the room conversation, which is facilitated by Agora, with the VPN off.

What’s the safest way for China-based users to access the app, given the official attitude is that it should not exist?.


131FansLike
3FollowersFollow
16FollowersFollow