Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities
Whether they’re attending regular work meetings or catching up with extended family across the globe, many people leverage video conferencing to better connect with others – a process that will likely continue as our world only becomes more digital. But as the rapid adoption of video conferencing tools and apps occurs, potential threats to online safety emerge.
Agora is one of these tools for connection. The company’s video conferencing software is included in apps like MeetMe, Skout, Nimo TV, temi, Dr. First Backline, and Talkspace, across more than 1.7 billion devices globally. According to McAfee Advanced Threat Research (ATR), Agora’s video software development kit (SDK) until recently included a vulnerability that could have allowed an attacker to spy on ongoing video and audio calls.
In accordance with McAfee’s safe vulnerability disclosure policy, ATR provided Agora with details of its thorough research into the issue so that the software developer could take action to address it with a software update.
But let’s take a look at what a vulnerability like this could mean for users.
Potentially Uninvited Video Attendees
So, how exactly could this vulnerability allow others to spy on private calls?
The McAfee ATR team discovered that the Agora vulnerability stemmed from an error of incomplete encryption – the process of converting information or data into seemingly random output to prevent unauthorized access. Agora’s SDK implementation did not allow applications to securely configure the setup of video/audio encryption, thereby leaving a potential for hackers to snoop on them.
Therefore, if exploited, this particular vulnerability could’ve allowed a criminal to launch man-in-the-middle attacks, which occur when a hacker secretly intercepts and possibly alters the communications between two unsuspecting users. Aka, they could spy on users’ private video calls.
Put Your Security on Speed Dial
The vulnerability discovery and mitigation cooperation between McAfee and Agora illustrates why it’s so important for threat researchers to work closely and constructively with app developers to make our digital lives as safe as possible.
As a consumer, however, it’s important to realize what exactly you’re getting into when downloading applications for video conferencing and other tools that help you stay connected.
While the security community encourages developers to write software code with security in mind, software apps tend to struggle with bugs and vulnerabilities in their early days. Consumers should by all means download and enjoy the hottest new apps, but they should also take steps to protect themselves from any undiscovered issues that might threaten them.
Here are a few tips that can help ensure your safety while connecting with others online:
Update, update, update!
It’s easy to click “Install later” when software updates pop up on your screen. However, these updates often come with security patches for vulnerabilities like the ones mentioned above. To ensure that your software and apps have the latest security fixes, update them immediately or select the option update automatically if available.
Avoid using vulnerable apps
Until a patch is created, you should operate under the assumption that a hacker could compromise your video calls. Avoid using vulnerable apps until developers make a software security update available to help protect your calls from being infiltrated.
Leverage Holistic Security Solutions
In order to protect yourself and your loved ones from potential risks, make sure you have a holistic security solution in place, such as McAfee Total Protection, which can help block risky downloads with McAfee WebAdvisor, protect you from malicious mobile apps, and help update Windows and your apps all in one place with Vulnerability Scanner.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.