For example, all modern browsers have begun to migrate to newer standards (HTTP/2) which enforce encryption by default, a complete change from just a few years ago where a significant amount of browsing traffic was sent in clear text and could be viewed by any interested party. We reported this research to Agora.io on Apand the company, as of December 17th, 2020 released a new SDK, version 3.2.1, which mitigated the vulnerability and eliminated the corresponding threat to users.Įncryption has increasingly become the new standard for communication often even in cases where data privacy is not explicitly sensitive. At the time of writing, McAfee is unaware of any instances of this vulnerability being exploited in the wild. This flaw, CVE-2020-25605, may have allowed an attacker to spy on ongoing private video and audio calls. In early 2020, our research into the Agora Video SDK led to the discovery of sensitive information sent unencrypted over the network. Several of the most popular mobile applications utilizing the vulnerable SDK included social apps such as eHarmony, Plenty of Fish, MeetMe and Skout, and healthcare apps such as Talkspace, Practo and Dr. Agora’s SDKs are used for voice and video communication in applications across multiple platforms. We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. A byproduct of our robotic research was a deeper dive into a video calling software development kit (SDK) created by Agora.io. Video: Boolean for whether the users video is activeĬlient: Boolean for whether the user is the hostĢ.The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. A state variable that contains information of all users called, each user contains:Īudio: Boolean for whether the users audio is active.Application Architecture The container component: Each video component contains a control component that contains buttons for muting audio, stopping video, or quitting the call (host only). This application will contain a container component that contains video components per user (who has joined the call). A global context is used to provide access to states and refs. Leveraging React’s reusable component architecture, we will make components for every user’s video and controls for every video (mute, stop video, leave call). Then install Agora web SDK using npm install agora-rtc-sdk-ng Open the folder in your preferred code editor. We start by creating a default react app using npx create-react-app agora-gc For more information about token-based authentication in the Agora platform, see. Note:This guide does not implement token authentication, which is recommended for all RTE apps running in production environments. In order to use the Agora SDK, we need an App ID. ![]()
0 Comments
Leave a Reply. |