With their collaboration, we were able to alert our customers and help them make necessary fixes. Thanks to McAfee for identifying a vulnerability in our SDK and partnering with us to test our December patch. These may be a few of the reasons why these application developers have chosen to not use the encryption for the video and audio,” he added. It is also worth noting that, generally, the speed and quality of a video call is harder to maintain while using encryption. This is difficult to implement into a video SDK post-release since a built-in mechanism for key sharing was not included. “Many calling models used in applications want to give the user the ability to call anyone without prior contact. Security Researcher at McAfee, in a blog post. “The Agora SDK itself did not provide any secure way to generate or communicate the pre-shared key needed for the phone call, and therefore this was left up to the developers,” wrote Douglas McKee, Principal Engineer & Sr. According to McAfee, encryption didn’t work in Agora because the encryption options required a pre-shared key, whose implementation was left to the developers. Agora’s SDK also powers dating services eHarmony, Plenty of Fish, and Skout and healthcare apps such as Talkspace, Practo, and Dr. Agora works with MeetMe to integrate its live video streaming features with the popular dating app and online therapy platform Talkspace to facilitate online mental health therapy sessions. Both MeetMe and Talkspace registered enormous growth since the pandemic hit. The fact that Agora relayed data associated with audio and video calls in an unencrypted form posed a significant risk to the security and privacy of users’ personal information. a.k.a, they could spy on users’ private video calls,” McAfee explained.
In a man-in-the-middle attack, an attacker “secretly intercepts and possibly alters the communications between two unsuspecting users. This essentially meant that attackers sitting on the same network could launch man-in-the-middle attacks by intercepting unencrypted data and using it to join an ongoing call. The error made the applications relay unencrypted video and audio data even if encryption was turned on in apps using Agora SDK. The vulnerability, assigned CVE-2021-25605, arose due to an error in the encryption mechanism of the SDK. The vulnerability allowed attackers to snoop on live audio and video calls by exploiting a lack of encryption of call data in the software development kit. According to researchers at the Advanced Threat Research (ATR) team at McAfee, Agora’s video software development kit (SDK) featured a severe vulnerability that enabled an attacker to spy on ongoing video and audio calls without being detected. Headquartered in Shanghai, China, Shengwang is the leading Real-Time Engagement PaaS provider in the China market. Silicon Valley-based cybersecurity company McAfee recently discovered a critical security vulnerability in video broadcasting service Agora. Headquartered in Santa Clara, California, Agora is a pioneer and global leader in Real-Time Engagement Platform-as-a-Service (PaaS), providing developers with simple, flexible, and powerful application programming interfaces, or APIs, to embed real-time voice, video, interactive live-streaming, chat, whiteboard, and artificial intelligence capabilities into their applications. is the holding company of two independent businesses, Agora and Shengwang. Please visit Agora, Inc.'s investor relations website at on to view the earnings release and accompanying slides prior to the conference call. Agora, Inc. Participants may register for the call with the link below. Investors who want to hear the call should log on at least 15 minutes prior to the broadcast.