Do you have ever witnessed ghosts hiding in the room and then disappeared suddenly? You can’t mute them, which makes it more disgusting. In a Clubhouse room in February, a security researcher told me that she’d disappear even when we’re talking. Suddenly, her avatar vanished. I seem to be alone but don’t know whether it was real or she was there. But at least she disappeared temporarily.
She said, I’m fucking ghost, and that’s the bug. It was surprising for me. Audio social network clubhouse had made its debut almost a year ago. Along with the privacy, security, and abusive issues, they still have explosive growth. Some problems were like pair of vulnerabilities that Missouri has discovered and fixed.
If they haven't been fixed, it can easily allow attackers to lurk and listen to the debate without being detected. Moreover, they can disrupt the discussion that can be out of a moderator’s control. Unfortunately, anyone can exploit these vulnerabilities even if they don’t have technical knowledge.
Attackers only need two iPhones that have Clubhouse installed. Moreover, they need a Clubhouse account. But the good news is, Clubhouse is just available on iOS. It’s easy to start an attack, and you just need to log in to your Clubhouse account. First of all, you’ll do this on 1st device and then start or join a room. After that, you’ll log in to your second device and will join the same room.
It is the mistake we make. It will show that you’re logged in on screen 1 and didn’t fully log out. Unfortunately, you’ll still have the live connection in your previous room that you’ve joined. After leaving the same room on device 2, you might disappear, but it will allow you to maintain a ghost connection on device 1.


Hackers advantage

Hackers take advantage of it by launching variations or attacks on it. They use technical mechanisms and do it efficiently, and they exploit the flaw quickly. According to Missouri, the weakness exists in every Clubhouse, and the platform is working to deal with hate speech, harassment, privacy issues, and other abuse.
It’s heartbreaking to leave the room because you can’t say what you want because of the presence of a ghost. Therefore, it’s a nightmare situation for people who want to use this audio chat app. According to her experience with Clubhouse, she shared the findings with the company in early March. Unfortunately, they didn’t respond immediately and fixed the issue after a few weeks.
The representative of Clubhouse explained to Missouri that there were two bugs related to her findings. They fixed the first bug to ensure that the ghost would remain muted and couldn’t listen to the room even if they were present in it. The second bug was about the cache display issue. It will ensure that if the user is fully logged out from the previous device, they will not appear to be logged into another device. She further said she couldn’t validate the fixes herself, but she was satisfied with the explanation.
The spokesperson of Clubhouse said that they were thankful to Missouri for highlighting the bugs, and it helped us to fix those issues before it affects the users. Moreover, they said that they want to grow and improve the security and privacy issues with the collaboration of users.
Another security researcher also has concerns over Clubhouse, and she said that they didn’t respond to them on time. Some journalists also have issues with their team because they don’t respond to their requests. You can either quit using Clubhouse, or if you want to use it ensure that your privacy and security will not be promised.


Previous Post Next Post