Analysts raise Clubhouse concerns

Analysts raise Clubhouse concerns

Audio-based social networking app poses a host of risks for users

The rise of audio-based social networking app Clubhouse has sparked concerns about privacy violations, data leaks, unauthorised imitation apps, sales of invitations for app access as well as audio deep fakes, say cybersecurity experts.

Reports from the BBC and Bloomberg show a user found a way to stream feeds from multiple chatrooms on the app, which flouted the platform's policy.

"There are potential cyber-risks and privacy concerns with the use of Clubhouse," said Prinya Hom-anek, a cybersecurity expert, at a recent virtual seminar on digital privacy organised by the Thailand Information Security Association.

To join the platform, people must be invited by existing users. Each member has a limit of two invitations. The app can only be downloaded via Apple's App Store now.

Mr Prinya said when people sign up for Clubhouse, the app can gain access to all the phone numbers of contacts from their devices. Whichever rooms users go in, others following them on the platform can learn this information.

He said there is also a risk of data leaks as someone in the room may record a conversation and publish it on other channels, such as YouTube.

"The EU found the app violates its General Data Protection Regulation," Mr Prinya said.

Meanwhile, Houseclub app has emerged on the Android system, which the developer said was created through reverse engineering Clubhouse. This unofficial app could pose a potential cyber-risk to users, he said.

Paiboon Amonpinyokeat, a managing partner of P&P law firm, said users on Clubhouse could be at risk of having their audio secretly recorded and edited by others who want to use it against them.

Clubhouse faces legal action in Germany for failing to comply with the data protection and consumer protection laws, he said.

Denis Legezo, security expert at Russia-based cybersecurity service provider Kaspersky, said there are two worrying issues about Clubhouse: the sale of invites and fake apps, which could lead to the exploitation of users.

Regarding fake apps, he said: "Attackers can distribute a malicious code under the guise of popular software, such as a fake version of Clubhouse for Android. A fake malicious app can do exactly what you allow it to do in the security settings of your Android -- to get a rough or accurate location of the device, record audio and video, or attain access to messengers".

According to Mr Legezo, there is also concern about malicious attempts to use high-quality recordings to train machine algorithms to create more sophisticated deep fakes.

Chanvith Iddhivadhana, Thailand country manager for cybersecurity firm Fortinet, said people should protect themselves online by engaging in safer practices. They should refrain from sharing identifiable personal information, such as real name, or information about where they live, he said.

Do you like the content of this article?

Khon Kaen opens field hospitals

KHON KAEN: Provincial authorities of this northeastern province is set to open two field hospitals to cope with the rising number of its Covid-19 patients.


Anti-smokers dismiss vaping call

Anti-smoking advocates on Wednesday shrugged off a call by a pro-vaping group for e-cigarettes to be provided by the state as an option for smoking cessation treatment, as being offered in Britain.


Ministry advises locals in risk areas to work from home

The Ministry of Public Health is urging people living in high-risk areas to work from home or stay put for two weeks to curtail the upward trajectory of Covid-19 cases that is expected to skyrocket after the Songkran Festival.