Friday, July 23, 2021

Bug in a shared SDK may allow attackers to join calls undetected across multiple apps

Must Read

Hacking incident Prices NWF Group £500,000 as trading in Stocks restarts after a 10-day suspension

Agricultural company NWF Group has declared trading in its shares has declared following a hacking event which lasted over...

Elasticsearch Server Leaks Massive Instagram Click Farm

Security researchers have discovered a gigantic Instagram click farm in central Asia, managing thousands of bogus profiles. A group in...

Hacker leaks the user Information of event management app Peatix

Over 4.2 million consumer accounts are made available for downloading online earlier this month. A hacker has leaked that this...

A small library that provides audio and video call capabilities contain a bug that allows attackers to join audio and video calls without being detected.

The bug – detected by security company McAfee and tracked as CVE-2020-25605 – affects the software development kit (SDK) provided by Agora, a US company specializing in delivering real-time communication tools.

Applications that use this SDK for audio and video streaming capabilities include MeetMe, Skout, Nimo TV, Temi, Dr. First Backline, Hike, Bunch, and Talkspace.

In a report published today, McAfee states that the Agora SDK does not encrypt data shared during the new call process, even if the app has enabled encryption functionality.

Any attacker stationed on the same network as the target user can disconnect traffic in the first stages of the call, extract various call identifiers, and join the call without being detected.

McAfee said the matter came to light last year, in April, during a three-way security study, a personal robot used in retail stores supporting audio and video calling.

Subsequent investigations have found indications that this behavior has affected other applications using the SDK, and the security company said it had informed Agora of its findings.

Steve Povolny, Head of Advanced Threat Research at McAfee, said they informed Agore of their findings and that the company responded by releasing a new SDK in December 2020 that was not at risk for CVE-2020-25605.

“While we do not know which of these applications used the new SDK, we can confirm that the Agora has released the SDK and followed its developers to urge them to use what is being developed,” Povolny said.

Bug in a shared SDK may allow attackers to join calls undetected across multiple apps
Image:McAfee

An Agora spokesman did not return a request for comment.

Agora-based apps have tens of millions of downloads in the Google Play Store alone; however, McAfee said they found no evidence that the insect had been disturbed in the wild to examine the conversations.

Vulnerability Details

  • CVE: CVE-2020-25605
  • CVSSv3 Rating: 7.5/6.7
  • CVSS String: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
  • CVE Description: Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic.
a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This