Amid the hype and exponential growth of Clubhouse, Kaspersky has shared security concerns on Clubhouse, the invitation-only audio chat which grew its audience from 600,000 to 10 million in just a few weeks and spurred a massive hit on the internet.
Notably, the users will be only granted access through contacts invitation. Meaning to expand the usage, people need to share their contact list. In Clubhouse’s short history, experts have already had to issue several reminders that the app does not guarantee user privacy.
In mid-February, researchers at the Stanford Internet Observatory (SIO) discovered that user and chat-room IDs are transmitted to the servers in plaintext. SIO suggested that Agora, a Chinese provider of back-end infrastructure for Clubhouse, likely has access to users’ raw audio, although no one has confirmed or refuted the assertion.
The Clubhouse has cause confusion since the app is not yet available for android, there has been some blatant fake Clubhouse apps that has appeared on the Google Store.
Smartphone or tablet users who installed the app run the risk of giving cybercriminals access to their passwords for online banking and social media, as well as their contact lists, not to mention being bombarded with advertising banners.
It was also reported that users managed to stream content from the app on their own website. The company did not comment on the incident in detail, but it clarified that the user was in breach of the privacy policy; it wasn’t a hack. The culprit having been banned, the developers promised to fix the bug, but safe to say more loopholes remain in the software.
Sharing your contact and the privacy policy will allow developers to transfer such data to a wide range of third and outside parties. From contractors to marketing agencies and law enforcement agencies.
Kasperksy has suggested ways and tips for users to enhance their safety and reduce the security threat while using Clubhouse:
Since it has yet to be made available for android, users are advised not to fall for fake apps in Google play. Users are also urged to be careful of the information shared and avoid sharing confidential information and only share information for the public domain.
Users are suggested not to simply follow the trend but to know the purpose of installing Clubhouse, or else users will experience beta 1.0 errors rolling out.
Clubhouse currently lacks full-fledged account verification, which enables people to impersonate anyone. Users have already swallowed the bait of a fake Brad Pit among others.
Users are also advised to back up the device with a reliable security solution that blocks malware before installing.
