The data privacy watchdog in France has opened an investigation into alleged privacy breaches on the popular Clubhouse app. Satnam Narang, Staff Research Engineer at Tenable looks at the implications for the audio-based social media platform.
In February 2021, Clubhouse topped 8 million global downloads for its invite-only voice-based social media app that is currently only available on iOS devices. Historically, I’ve found that when an app surges in popularity with users, scammers quickly take notice and find their own niche around them, whether it’s Facebook, Twitter, Instagram, Snapchat, Tinder or TikTok. There are a few challenges that Clubhouse presents to scammers as well as opportunities.
For instance, because the app is voice-driven, there is no way to chat with users in order to peddle links to scams, which is often a scammer’s preferred method. Clubhouse does allow users to promote social profiles for Instagram and Twitter, which is the most likely way users will be driven to scams. I saw this in my TikTok research a few years ago, when scammers were promoting adult dating scams, they would ask the users to add them on Snapchat in order to take them off the platform.
There have been reports that Clubhouse rooms have been created to promote get-rich quick schemes or fake coaching offers. They drive users off Clubhouse to social profiles created to promote these so-called opportunities. These benign profiles aren’t likely to get removed until after users have parted ways with their money, making this type of scam extremely lucrative.
There is also an impersonation problem that faces other platforms and has already started to emerge on Clubhouse. After Elon Musk joined Clubhouse, a few fake Elon Musk profiles appeared on the platform. There are reports of other notable figures who aren’t actually on Clubhouse, but have been told by their fans that they were in a room with them. I expect this to continue until Clubhouse starts incorporating some sort of verification mechanism within the platform for these notable figures.
The Clubhouse app itself is undoubtedly being examined by security researchers for flaws. We’ve already seen reports that users have been able to snoop on audio from Clubhouse rooms and create unofficial Android versions of the app until an official one is released.
Unofficial versions of Clubhouse for Android is another area that is ripe for abuse. With the ability to sideload applications on Android devices, cybercriminals can create fake versions of Clubhouse that perform malicious actions on the users’ devices and potentially lead to financial harm.
By Satnam Narang
Staff Research Engineer
Tenable