Clubhouse app in the crosshairs


The French data protection authority has launched an investigation into alleged data breaches by the Clubhouse app. It was also reported that the app's creators have launched an accelerator program.

Apparently, Silicon Valley can't get enough of the app. It all comes after the news a few weeks ago that chats were cracked. In view of the hype surrounding the app, Satnam Narang, Staff Research Engineer at Tenable, comments on Clubhouse's status in terms of IT and data security.

Clubhouse app with 8 million iOS downloads

“In February 2021, Clubhouse exceeded eight million global downloads for its voice-based social media app, which is currently only available on iOS devices. In the past, I've found that when an app gains popularity with users, scammers quickly become aware of it and find their own niche around it, whether it's Facebook, Twitter, Instagram, Snapchat, Tinder, or TikTok.

There are some challenges Clubhouse presents to scammers, but there are also opportunities. For example, since the app is voice-controlled, there is no way to chat with users to distribute links to scams, which is often the preferred method of scammers. Clubhouse allows users to promote social profiles for Instagram and Twitter, which is the most likely method of leading users to scams. I saw this in my TikTok research a few years ago when scammers were promoting adult dating scams and asking users to add them on Snapchat in order to take them off the platform.


Satnam Narang, Staff Research Engineer at Tenable (Photo: Tenable)

Rooms with fake profiles

There have been reports that Clubhouse rooms were created to present “get-rich-quick” schemes or fake coaching offers. They drive Clubhouse users to social profiles created to promote these so-called opportunities. These benign profiles are likely to be removed only after users have parted with their money, which makes this type of scam extremely lucrative.

There is also an imitation problem that occurs with other platforms and has already started to manifest itself with Clubhouse. After Elon Musk joined Clubhouse, some fake Elon Musk profiles appeared on the platform. There are reports of other well-known personalities who are not actually on Clubhouse, but who have been told by their fans that they were in a room with them. I expect this to continue until Clubhouse starts building some kind of verification mechanism within the platform for these celebrities.

Unofficial Android apps are extremely dangerous

The Clubhouse app itself is undoubtedly being examined for weaknesses by security researchers. It has previously been reported that users have been able to sniff audio from Clubhouse rooms and create unofficial Android versions of the app until an official version is released. Unofficial versions of Clubhouse for Android are another area that is ripe for abuse. With the ability to load applications onto Android devices, cyber criminals can create fake versions of Clubhouse that can perform malicious actions on users' devices and potentially cause financial damage.”

More on this at Tenable.com

 


About Tenable

Tenable is a Cyber Exposure company. Over 24,000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.


 
