- AGORA VIDEO CALL DOCUMENTATION HOW TO
- AGORA VIDEO CALL DOCUMENTATION ANDROID
- AGORA VIDEO CALL DOCUMENTATION SOFTWARE
- AGORA VIDEO CALL DOCUMENTATION CODE
- AGORA VIDEO CALL DOCUMENTATION DOWNLOAD
AGORA VIDEO CALL DOCUMENTATION CODE
Using the logging comments from the above code we can look at the documentation to understand what an App ID is and what it is used for.įigure 2: Agora documentation about App ID This is amazing for developers, but also very useful to security researchers and hackers.
AGORA VIDEO CALL DOCUMENTATION HOW TO
Its GitHub repositories also provide detailed sample projects on how to use the product.
AGORA VIDEO CALL DOCUMENTATION DOWNLOAD
In a broader context, Agora is used for a variety of applications including social, retail, gaming and education, among others.Īgora allows anyone to create an account and download its SDKs for testing from its website, which also provides extensive documentation. What is Agora?Īccording to the website – “Agora provides the SDKs and building blocks to enable a wide range of real-time engagement possibilities” In the context of our initial robot project, it simply provides the technology required to make audio and video calls. This raised the question: What is this key and what is it used for? Thanks to the detailed logging provided by the developers, we had a place to start. During this analysis, a hardcoded key was discovered in the app.įigure 1: Application ID hardcoded in temi phone ap
AGORA VIDEO CALL DOCUMENTATION ANDROID
To boldly go where no one has gone beforeĪs part of our analysis of the temi ecosystem, the team reviewed the Android application that pairs with the temi robot. These core concepts are what led us to the findings discussed in this blog. Furthermore, when encryption is an option provided by a vendor, it must be easy for developers to implement, adequately protect all session information including setup and teardown, and still meet the developers’ many use cases. While the need to protect truly sensitive information such as financial data, health records, and other personally identifiable information (PII) has long been standardized, consumers are increasingly expecting privacy and encryption for all web traffic and applications. For example, all modern browsers have begun to migrate to newer standards (HTTP/2) which enforce encryption by default, a complete change from just a few years ago where a significant amount of browsing traffic was sent in clear text and could be viewed by any interested party. We reported this research to Agora.io on Apand the company, as of December 17th, 2020 released a new SDK, version 3.2.1, which mitigated the vulnerability and eliminated the corresponding threat to users.Įncryption has increasingly become the new standard for communication often even in cases where data privacy is not explicitly sensitive. At the time of writing, McAfee is unaware of any instances of this vulnerability being exploited in the wild.
This flaw, CVE-2020-25605, may have allowed an attacker to spy on ongoing private video and audio calls.
In early 2020, our research into the Agora Video SDK led to the discovery of sensitive information sent unencrypted over the network. Several of the most popular mobile applications utilizing the vulnerable SDK included social apps such as eHarmony, Plenty of Fish, MeetMe and Skout, and healthcare apps such as Talkspace, Practo and Dr. Agora’s SDKs are used for voice and video communication in applications across multiple platforms.
AGORA VIDEO CALL DOCUMENTATION SOFTWARE
A byproduct of our robotic research was a deeper dive into a video calling software development kit (SDK) created by Agora.io. We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. 3.ARCHIVED STORY Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK I left an AppID defined in the application for you to test. If you need to start a call it is very simple, only you and your friend must be connected on the same channel and on the AppID. If you choose to generate a token, you will need to copy Appid, Channel, Token to the application. To use Agora.io, create an account, right after, create a new project and just copy the AppId to your application. The so-called video page is a responsive local HTML page, which allows for the greatest adjustment in the size of your device. In this application I used the CustomWebVideo extension from and the ListPermission created by me. Well, Agora.io is a video call service, which has more than 200 data centers distributed around the world to guarantee ultra low latency (~ 300ms) and resilience to packet loss (up to 70%). With it you can make video calls even in groups, with excellent control and response.
I created a video call application using Kodular + Agora.
0 kommentar(er)
