![]() For example, all modern browsers have begun to migrate to newer standards (HTTP/2) which enforce encryption by default, a complete change from just a few years ago where a significant amount of browsing traffic was sent in clear text and could be viewed by any interested party. We reported this research to Agora.io on Apand the company, as of December 17th, 2020 released a new SDK, version 3.2.1, which mitigated the vulnerability and eliminated the corresponding threat to users.Įncryption has increasingly become the new standard for communication often even in cases where data privacy is not explicitly sensitive. At the time of writing, McAfee is unaware of any instances of this vulnerability being exploited in the wild. This flaw, CVE-2020-25605, may have allowed an attacker to spy on ongoing private video and audio calls. In early 2020, our research into the Agora Video SDK led to the discovery of sensitive information sent unencrypted over the network. Several of the most popular mobile applications utilizing the vulnerable SDK included social apps such as eHarmony, Plenty of Fish, MeetMe and Skout, and healthcare apps such as Talkspace, Practo and Dr. Agora’s SDKs are used for voice and video communication in applications across multiple platforms. A byproduct of our robotic research was a deeper dive into a video calling software development kit (SDK) created by Agora.io. We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. If no windows are open we use the activate event to create a new window using our createWindow function.ARCHIVED STORY Don’t Call Us We’ll Call You: McAfee ATR Finds Vulnerability in Agora Video SDK For macOS, we use the window-all-closed event that to quit the app when the window is closed. Returning to events on our Electron app, we have the ready event, which calls the createWindow function. We load the index.html file using the loadFile method on our main browser window. We pass nodeIntegration: true and contextIsolation: false in our webPreferences to support the Agora SDK integration. We write a new function createWindow to spawn a new browser window using the BrowserWindow from Electron. The electron-squirrel-startup module manages the Windows app startup logic. We’re allowing the use of non-context-aware modules by setting the allowRendererProcessReuse property to false to use the Agora SDK. We’re importing app and BrowserWindow from Electron, and we’re using path from Node. The styling for our app looks like this: body ) We have a simple layout: two buttons for starting and ending the call, and two divs to contain the videos for local and remote users inside the video-container div. The defer tag waits for the page to load before executing the JS. We’re adding a script tag to the tag, with the source set to render.js so that we can load up our application logic. index.html Agora Electron Quickstart Agora Electron Quickstart Start Call Stop Call Local Feed: Remote Feed(s): Our Electron app has four files: index.html is the markup for our app’s elements, index.css handles the styling for our app, render.js contains the application logic for our video call and index.js handles the bootstrapping process of setting up Electron. The project uses electron-forge under the hood to get started with Electron with ease. You can now run npm start in the project root to start your app.src/render.js and enter the App ID that we generated as appId = “” On macOS run npm install or on Windows run npm install - arch=ia32 to install the app dependencies in the unzipped directory.Download and extract the ZIP file from the master branch.Make sure you have an Agora developer account, set up a project, and generate an App ID.You’ll need to have the LTS version of Node.js and NPM installed: This is the structure of the application that we’re building. For more information about token-based authentication in the Agora platform, see this guide. Note: This guide does not implement token authentication, which is recommended for all RTE apps running in production environments. It will be used to authorize your requests while you’re developing the application. (When prompted to use App ID + Certificate, select only App ID.) Retrieve the App ID. Navigate to the Project List tab under the Project Management tab, and create a project by clicking the blue Create button.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |