A Quick Look into Twitter Spaces’ Network Traffic

Audio based social networking platforms are recently gaining popularity. The Clubhouse iOS app was launched last year with the invitation-only policy and has been attracting users ever since. If you are an android user or still waiting for an invitation to join Clubhouse, it is worth trying the new Twitter app features. In response to the new audio-chat trend, Twitter has introduced audio chat room service on their mobile platform called Spaces in April 2021.

What is Twitter Spaces?

Twitter Spaces is a live audio feature enabling users to host and participate in live audio conversations, hosted within “Spaces” (aka audio chat rooms). This feature is now available in both Android and iOS versions of Twitter app. When someone you follow starts hosting a Space in the Twitter mobile app, it will appear as a purple bubble at the top of your timeline for as long as the Space is live.

                                                                   ![Twitter space ATI 1][image1]

When someone creates a Space, they are offered control functions like a conference call host such as who’s speaking, the topics, mute all, invite people to join by Tweeting or send them direct messages (DMs).

Network Traffic Analysis

The ATI team at Keysight has analyzed the Twitter Space application traffic using advanced mobile application research tools and has seen some information from the decrypted traffic which can be useful for other researchers.

We have observed that when someone starts hosting a Space in the Twitter android mobile app, it uses Periscopeto authenticate the user. And the hostname related to this traffic is “api.twitter.com”.

Twitter Spaces Authentication ATI

We have also seen that it sends the Guest ID (the ID of the user who wants to access/join the Twitter Space) as a part of the cookie.

             ![space cookie ATI][image3]

Following user authentication, the voice messages are carried over UDP when the user starts or joins a Space.

   ![Twitter Space BPS ATI][image4]

We've enhanced our Twitter application for ATI subscribers to include the Host Space feature. It is released in ATI-2021-09 StrikePack. Here, a user can create a new space and end that space. The traffic for Create New Space is customizable, from changing the “Invited Guest ID” to changing the “RTP Audio Byte Length” (voice traffic volume) during the BreakingPoint System (BPS) simulation. The user can also mix it with other traffic in order to create real world traffics.

At Keysight Technologies ATI (Application and Threat Intelligence) we always try to deliver the latest updated features for any application. As an example - Twitter introduced its Spaces feature at the first week of April 2021 and we have delivered our updated Twitter application with Twitter Spaces in ATI-2021-09 StrikePack released in April 20, 2021. So please stay tuned for the upcoming ATI’s StrikePack releases.

Leverage Subscription Service to Stay Ahead of Attacks

Keysight's Application and Threat Intelligence (ATI) Subscription provides daily malware and bi-weekly updates of the latest application protocols and vulnerabilities for use with Ixia test platforms. The ATI Research Center continuously monitors threats as they appear in the wild. Customers of BreakingPoint have now access to attack campaigns for different advanced persistent threats, allowing them to test their currently deployed security controls’ ability to detect or block such attacks.

limit
3