Clubhouse might be an issue
24.02.2021

Now is a good moment for scammers - the new social network is of great interest, but the general public knows little about it. For example, not everyone knows that the application is still available only in the App Store. As a result, the number of downloads of the project management application of the same name on Google Play have grown, because users believe that this is the hotly debated social network app. In the wake of such confusion, fraud (phishing in disguise as some email "invites", sale of non-existent invitations) and data misuse are possible.

Further security threats are associated with the use of traditional schemes by fraudsters: account hacking, sending fraudulent messages from them and offering to pay a ransom for recovery, etc.

The main concerns are related to the voice recording function. This is the risk of an increase in the number of deepfake scams. It becomes cheaper to use because the source codes of algorithms for speech synthesis are freely available. Mass distribution has so far been held back by a lack of resource (voice and video) to train the neural network. Clubhouse, given the popularity, will fill the deficit, especially if it has an absolutely unique bait, for example, a speaker who is not so easy to find on other resources. Until people encounter such a scam, they will keep trusting a call from a fraudster with the voice of one of their friends or a video call.


There has already been an incident - one user managed to put live a few chatroom talks:

Clubhouse confirms data spillage of its audio streams


And it's important to remember that nobody has seen the source code, i.e. it is not known how the data is stored, who has access to it. As with any new application, vulnerabilities are likely to be found in Clubhouse. Therefore, the main thing that users can do to protect themselves is to be guided by the rule - not to conduct confidential conversations on social networks.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.