Dangers from social media app Clubhouse

Trend Micro News

The hype surrounding the new Clubhouse social media app continues unabated. But how secure is the audio-only app when it is used by well-known people such as politicians, company bosses or employees in high positions? Comment from Udo Schneider, IoT Security Evangelist Europe at Trend Micro.

Audio-based social media apps such as Clubhouse, HearMeOut or Audlist are very popular with users, but they come with some security risks. Cyber criminals take advantage of this by targeting weak points in the system quickly and easily with mostly automated attacks. Although some of the security risks of audio-based social media apps overlap with those of classic telephony, the potential damage at Clubhouse & Co. is much greater, considering that at Clubhouse alone up to 5,000 people can enter a room. The high number of participants increases the amount of data at risk, and false information, once spread, can easily reach thousands of people.

Research results show security flaws

  • Interception of private information: By analyzing the network traffic, an attacker can see who is talking to whom. In addition, attackers automate this process and can eavesdrop on sensitive information in a private chat.
  • Identity Fraud and Deepfake Voice: Attackers assume a false identity and, by cloning a person's voice, can have the impersonated person appear to make any statement.
  • Recordings for opportunistic purposes: Voice recordings can be used in the context of identity fraud to clone user accounts, damage the reputation of the original speaker or execute fraudulent contracts.
  • Harassment and Blackmail: Depending on the structure of the app, attackers have the option of saying something or streaming pre-recorded audio material with which they can blackmail the victim. Cyber criminals now automate this by creating suitable scripts.
  • Purchased Followers: According to our research, alleged developers are able to reverse engineer the application programming interface (API) to create a bot in exchange for an invitation. In this way, for example, followers can be bought.
  • Concealed audio channels: Cyber criminals can create covert channels for C&C servers or hide or transmit information within digital objects.

The full report Mind Your Voice: Security Risks and Recommendations for Audio-centric Social Media Platforms is available online.

 

More on this at TrendMicro.com

 


About Trend Micro

As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.


 
