We reported this research to Agora.io on Apand the company, as of December 17th, 2020 released a new SDK, version 3.2.1, which mitigated the vulnerability and eliminated the corresponding threat to users.Įncryption has increasingly become the new standard for communication often even in cases where data privacy is not explicitly sensitive. At the time of writing, McAfee is unaware of any instances of this vulnerability being exploited in the wild. This flaw, CVE-2020-25605, may have allowed an attacker to spy on ongoing private video and audio calls. In early 2020, our research into the Agora Video SDK led to the discovery of sensitive information sent unencrypted over the network. Several of the most popular mobile applications utilizing the vulnerable SDK included social apps such as eHarmony, Plenty of Fish, MeetMe and Skout, and healthcare apps such as Talkspace, Practo and Dr. Agora’s SDKs are used for voice and video communication in applications across multiple platforms. A byproduct of our robotic research was a deeper dive into a video calling software development kit (SDK) created by Agora.io. ![]() We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. ![]() ![]() ARCHIVED STORY Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |