LIFARS Uncovers a Clubhouse Vulnerability, Responsible Disclosure Follows

New York, February 22, 2021 – LIFARS LLC, a New York City-based leader in cybersecurity services, including incident response, digital forensics, ransomware mitigation and cyber resiliency services, discovered an as-yet undisclosed vulnerability in the platform of the trending social network Clubhouse.

Clubhouse is an invitation-only audio-chat social network that was launched in 2020. It is rapidly gaining popularity among Apple iOS users, as it is not yet officially available for Android users.

 

Clubhouse Vulnerability

LIFARS discovered a vulnerability confirming the privacy issues raised in the cybersecurity and privacy community. Following the discovery, the LIFARS research and development department was able to prepare a proof-of-concept video and a working exploit.

“Our proof-of-concept and exploit show that ‘new safeguards’ installed to prevent the siphoning of the platform’s live audio are not functional and that the issue persists,” said Ladislav Baco, director of the research and development department at LIFARS. Additionally, LIFARS’s findings indicate that the issue at hand is even bigger with regard to the attacker’s stealth.

 

Responsible Disclosure

Today, LIFARS submitted a detailed vulnerability report to Clubhouse support, which confirmed receipt of the findings. Respecting the responsible disclosure model for disclosing vulnerabilities, LIFARS is allowing 7 days to fix this serious vulnerability, as it affects all users of this social networking platform (including some high-profile accounts, dissidents and citizens of non-democratic countries). After that, a full public disclosure will follow.

“The importance of privacy is highlighted especially in the case of people persecuted for their opinions or in countries with mass surveillance of their citizens,” said Ondrej Krehel, CEO and founder of LIFARS. “Social networks like Clubhouse should implement all necessary measures to make sure that no one can monitor and record their conversations without their knowledge.”

 

Security should be at the core of any application development process. Moreover, securing the code arguably brings the most security benefits compared to other activities.

 

About LIFARS

LIFARS is a leader in Digital Forensics and Cyber Resiliency Services. Additionally, the technical team’s experience spans decades working on high-profile events. Often, LIFARS does this in coordination with law enforcement agencies around the world. Deployed methodologies derive directly and indirectly from experience working with and for US Intelligence Agencies, Interpol, Europol, and NATO.