Specialists of the National Monitoring System have published the results of the relevant study.
Roskachestvo specialists identified the main threats to Clubhouse. Employees of the National Monitoring System thoroughly tested the application of the increasingly popular voice messaging service.
It turned out that during installation, the software requests access rights to the contact list and subsequently offers to invite all subscribers from the address book to participate. Among other things, after registering a new user, the app sends push notifications to their contacts and offers to create a private room for greeting. Roskachestvo pointed out that it is also unclear how information about social connections is stored.
Clubhouse currently only works on iOS and attackers may well create virus clones of the Android app. Scammers began to use for their own benefit the so — called invites-invitations for new users. On some resources in the network, ads for the sale of fake analogues have already appeared, aimed at taking money from potential victims.
Another danger of using the voice message service application may be the recording of conversations. Roskachestvo experts tend to believe that the files may fall into the hands of third parties, despite the formal ban on “saving conversations” without the written consent of all participants.
“Apparently, these records can be stored for quite a long time. On February 20, it became known about a hacker attack, as a result of which the conversations of some users in a closed room leaked to the network. So, technically, such a hack is possible, and more incidents are likely to be expected. A hacker attack, however, is optional: users can bypass the restriction of recording conversations themselves using third-party applications, ” the TASS monitoring service quotes specialists.
Roskachestvo pointed out that at the moment Clubhouse does not meet the basic security criteria. Russians should wait for the moment when the above-mentioned vulnerabilities are eliminated.