Someone hacked Clubhouse and spied on private rooms — here's how


Clubhouse continues to grow in popularity, despite the app only being available for iOS devices and technically still being in development. As with all new apps starting up, there are security vulnerabilities that need to be addressed. Turns out Clubhouse had a big one.

A security researcher found a way to hack the audio chat app that could let attackers spy on or disrupt private rooms without being detected. If you had two iPhones and a Clubhouse account, you could have, too.

Katie Moussouris, the researcher who discovered the flaw, could appear to have left a private room on the iOS app while still remaining in the room as an invisible user. Even worse, the vulnerability could allow attackers to keep talking while being immune to moderators.

As shown in Moussouris' demonstration, all you needed were two iPhones and a Clubhouse account. First, you would need to log in and join a room on Clubhouse on the first iPhone, and then log in on the second iPhone. From there, you would be automatically logged out on the first iPhone — sort of.

While logged in on the second iPhone, you wouldn't be fully logged out on the first, as it would still have a live connection to the room. Once you left the room on the second iPhone, you would still be connected via the first iPhone, except you would now be invisible to everyone else in the room.
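A simplified server-side model of the stale-connection behaviour described above, added here as an illustration: it is not Clubhouse's code, and the class, token scheme and roster design are assumptions. It shows how revoking a session without closing its live connection leaves a listener the roster no longer lists, along with the fix and an audit that catches it.

```python
import itertools

class RoomServer:
    """Toy presence model, constructed for illustration."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.tokens = {}   # user -> the one currently valid session token
        self.conns = {}    # conn_id -> (user, token, room): live audio links
        self.roster = {}   # room -> users shown to listeners and moderators
        self._ids = itertools.count(1)

    def _auth(self, token):
        for user, current in self.tokens.items():
            if current == token:
                return user
        raise PermissionError("stale or unknown token")

    def _drop(self, pred):
        self.conns = {k: c for k, c in self.conns.items() if not pred(c)}

    def login(self, user):
        old = self.tokens.get(user)
        self.tokens[user] = token = f"tok{next(self._ids)}"
        if self.hardened and old is not None:
            # Fix: revoking a session also closes its live connections.
            self._drop(lambda c: c[1] == old)
        return token

    def join(self, token, room):
        user = self._auth(token)
        self.conns[next(self._ids)] = (user, token, room)
        self.roster.setdefault(room, set()).add(user)

    def leave(self, token, room):
        user = self._auth(token)
        self._drop(lambda c: c[1] == token and c[2] == room)
        self.roster[room].discard(user)  # roster is keyed by user, not link

    def ghosts(self, room):
        """Audit: users holding a live link who are absent from the roster."""
        live = {c[0] for c in self.conns.values() if c[2] == room}
        return live - self.roster.get(room, set())

def replay(hardened):
    s = RoomServer(hardened)
    phone1 = s.login("alice"); s.join(phone1, "room")   # first iPhone
    phone2 = s.login("alice"); s.join(phone2, "room")   # second iPhone (assumed join)
    s.leave(phone2, "room")
    return s.ghosts("room")
```

Running `ghosts()` periodically against real connection state is the detection side; closing connections on token revocation is the prevention side.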

Moussouris breaks down the vulnerability into two categories: attackers becoming an "Eavesdropping ghost (Stillergeist)" or a "Trolling ghost (Banshee Bombing)." The former meant attackers could silently spy in any room on the app, while the latter allowed attackers to disrupt rooms by verbally harassing victims without moderators being able to control them.

While Clubhouse took time to reply to Moussouris after she sent a report, the company eventually got back to her and the issue has now been fully resolved.

Clubhouse has run into other privacy issues since its surge in popularity back in December, including a recent "data leak". This newly discovered vulnerability shows Clubhouse still has screws to tighten, especially since it's expected to come to Android soon.

Moussouris fully explains how she discovered the bug and the process she went through in a post. Check it out for more details.

(H/T Wired)

Darragh Murphy
Editor
