In a report released by researchers at McAfee, a new bug tracked as CVE-2020-25605 can allow attackers to join audio and video calls without being detected. The bug impacts the Software Development Kit (SDK) provided by Agora. Agora is a US-based company that specializes in providing real-time communication. Some of the applications that use the Agora SDK include MeetMe, Skout, Nimo TV, temi, Dr. First Backline, Hike, Bunch, and Talkspace. Any attacker that has access to the same local area network as the targeted victims can join the calls without being detected, steal call identifiers, and intercept initial call traffic. This is because Agora SDK does not encrypt details shared during the process of setting up a new call even if the encryption feature is enabled.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security