{"id":117544,"date":"2021-02-18T16:21:23","date_gmt":"2021-02-19T00:21:23","guid":{"rendered":"\/blogs\/?p=117544"},"modified":"2025-05-27T22:57:30","modified_gmt":"2025-05-28T05:57:30","slug":"beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/","title":{"rendered":"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use"},"content":{"rendered":"<p>On February 17<sup>th<\/sup>, 2021, McAfee <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dont-call-us-well-call-you-mcafee-atr-finds-vulnerability-in-agora-video-sdk\/\" target=\"_blank\" rel=\"noopener noreferrer\">disclosed findings<\/a> based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.\u00a0 As we disclosed the findings to Agora in April 2020, this lengthy disclosure timeline represents a nonstandard process for McAfee but was a joint agreement with the vendor to allow sufficient time for the development and release of a secure SDK. The release of the SDK mitigating the vulnerability took place on December 17<sup>th<\/sup>, 2020. Given the implications of <a href=\"https:\/\/youtu.be\/ApphMr2k5QE\" target=\"_blank\" rel=\"noopener noreferrer\">snooping and spying on video<\/a> and audio calls, we felt it was important to provide Agora the extended disclosure time. The affected users of Agora include popular voice and video messaging apps, with one notable application being the popular new iOS app known as Clubhouse.<\/p>\n<p>Clubhouse has made headlines recently as one of the newest players in the social networking sphere, rising in popularity after a series of high-profile users including Elon Musk, Kanye West and influencers in various geographies posted about the platform. <a href=\"https:\/\/en.wikipedia.org\/wiki\/Clubhouse_(app)\" target=\"_blank\" rel=\"noopener noreferrer\">Released in April of 2020<\/a>, Clubhouse quickly carved out a niche in Chinese social media as the platform to discuss sensitive social and political topics \u2013 perhaps aided by its invite-only approach to membership \u2013 and the spotlight shined on it by these key players further propelled it into viral status early this year. Perhaps unsurprisingly, the application was <a href=\"https:\/\/www.businessinsider.com\/china-ban-clubhouse-reports-social-app-users-avoid-government-censorship-2021-2\" target=\"_blank\" rel=\"noopener noreferrer\">blocked for use in China<\/a> on February 8<sup>th<\/sup>, 2021.<\/p>\n<p>Last week, Stanford Internet Observatory (SIO) <a href=\"https:\/\/cyber.fsi.stanford.edu\/io\/news\/clubhouse-china\" target=\"_blank\" rel=\"noopener noreferrer\">released research<\/a> regarding the popular Clubhouse app\u2019s use of Agora real-time engagement software and suggested that Agora could have provided the Chinese government access to Clubhouse user information and communications. \u00a0While the details of Stanford\u2019s disclosure focus on the audio SDK compared to our work on the video SDK, the functionality and flaw are similar to our recent disclosure, CVE-2020-25605.\u00a0 This includes the plaintext transmission of app ID, channel ID and token \u2013 credentials necessary to join either audio or video calls. We can confirm that Clubhouse updated to the most recent version of the Agora SDK on February 16<sup>th <\/sup>&#8211; just a day prior to our public disclosure.<\/p>\n<p>Despite the recent noise surrounding Clubhouse, the reality is that this application is just one of many applications that leverage the Agora SDK. Among others, we investigated the social apps eHarmony, Skout, and MeetMe, along with several widely-used healthcare apps, some of which have a significantly larger user base. For example, MeetGroup (comprised of several apps) reported approximately 18 million monthly users compared to Clubhouse, which had approximately 600k total users as of December 2020.<\/p>\n<h2>Data Points<\/h2>\n<p>We felt it was important to highlight these data points and are continuing to investigate these applications as well as monitor any potential instances of malicious actors exploiting this vulnerability. Given that Agora has released an updated SDK that fixes the call setup issues, vulnerable applications should have already switched to the secure calling SDK, thus protecting the sensitive audio and video call data as many claim to do. With that in mind, we decided to check back in with some of the Agora-based apps we previously investigated to confirm whether they had updated to the patched version. We were surprised to see many, as of February 18, 2020, still had not:<\/p>\n<table width=\"609\">\n<tbody>\n<tr>\n<td width=\"169\"><strong>App Name<\/strong><\/td>\n<td width=\"91\"><strong>Installs<\/strong><\/td>\n<td width=\"92\"><strong>App Version<\/strong><\/td>\n<td width=\"112\"><strong>App Version Date<\/strong><\/td>\n<td width=\"145\"><strong>Updated Agora SDK<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"169\">MeetMe<\/td>\n<td width=\"91\">50,000,000+<\/td>\n<td width=\"92\">14.24.4.2910<\/td>\n<td width=\"112\">2\/9\/2021<\/td>\n<td width=\"145\">Yes<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">LOVOO<\/td>\n<td width=\"91\">50,000,000+<\/td>\n<td width=\"92\">93.0<\/td>\n<td width=\"112\">2\/15\/2021<\/td>\n<td width=\"145\">No<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">Plenty of Fish<\/td>\n<td width=\"91\">50,000,000+<\/td>\n<td width=\"92\">4.36.0.1500755<\/td>\n<td width=\"112\">2\/5\/2021<\/td>\n<td width=\"145\">No<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">SKOUT<\/td>\n<td width=\"91\">50,000,000+<\/td>\n<td width=\"92\">6.32.0<\/td>\n<td width=\"112\">2\/3\/2021<\/td>\n<td width=\"145\">Yes<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">Tagged<\/td>\n<td width=\"91\">10,000,000+<\/td>\n<td width=\"92\">9.32.0<\/td>\n<td width=\"112\">12\/29\/2020<\/td>\n<td width=\"145\">No<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">GROWLr<\/td>\n<td width=\"91\">1,000,000+<\/td>\n<td width=\"92\">16.1.1<\/td>\n<td width=\"112\">2\/11\/2021<\/td>\n<td width=\"145\">No<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">eharmony<\/td>\n<td width=\"91\">5,000,000+<\/td>\n<td width=\"92\">8.16.2<\/td>\n<td width=\"112\">2\/5\/2021<\/td>\n<td width=\"145\">Yes<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">Clubhouse<\/td>\n<td width=\"91\">2,000,000+<\/td>\n<td width=\"92\">0.1.2.8<\/td>\n<td width=\"112\">2\/16\/2021<\/td>\n<td width=\"145\">Yes<\/td>\n<\/tr>\n<tr>\n<td width=\"169\">Practo<\/td>\n<td width=\"91\">5,000,000+<\/td>\n<td width=\"92\">4.93<\/td>\n<td width=\"112\">1\/26\/2021<\/td>\n<td width=\"145\">No<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>With the context around censorship and basic privacy concerns, it will be interesting to see if these and many other apps using the vulnerable SDK update quickly, or even ever, and what kind of lasting effects these types of findings have on users\u2019 trust and confidence in social media platforms.<\/p>\n<p>For more on McAfee ATR\u2019s research into the Agora SDK, please see our <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/dont-call-us-well-call-you-mcafee-atr-finds-vulnerability-in-agora-video-sdk\/\" target=\"_blank\" rel=\"noopener noreferrer\">technical research blog<\/a>.<\/p>\n<p>For information on how users can protect themselves when using such apps, please see our <a href=\"https:\/\/www.mcafee.com\/blogs\/consumer\/consumer-threat-notices\/hang-up-on-hackers-protect-yourself-from-mobile-app-video-conferencing-vulnerabilities\/\" target=\"_blank\" rel=\"noopener noreferrer\">consumer safety tips blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora,&#8230;<\/p>\n","protected":false},"author":1004,"featured_media":116899,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[5354,4927,5850],"class_list":["post-117544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blog<\/title>\n<meta name=\"description\" content=\"On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.\u00a0 As we\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.\u00a0 As we\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-19T00:21:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T05:57:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"342\" \/>\n\t<meta property=\"og:image:height\" content=\"215\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Steve Povolny, Douglas McKee, Mark Bereza\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@spovolny\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Steve Povolny, Douglas McKee, Mark Bereza\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/\"},\"author\":{\"name\":\"Steve Povolny\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/210ec6c1c7e372f17c4b1109f06b8267\"},\"headline\":\"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use\",\"datePublished\":\"2021-02-19T00:21:23+00:00\",\"dateModified\":\"2025-05-28T05:57:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/\"},\"wordCount\":653,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/\",\"name\":\"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg\",\"datePublished\":\"2021-02-19T00:21:23+00:00\",\"dateModified\":\"2025-05-28T05:57:30+00:00\",\"description\":\"On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.\u00a0 As we\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg\",\"width\":342,\"height\":215,\"caption\":\"Mobile Conferencing Apps Carry Risks\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/210ec6c1c7e372f17c4b1109f06b8267\",\"name\":\"Steve Povolny\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/d83e09f6a46193cbf6406c6f30ba3fde\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/04\/steve_p_mcafee-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/04\/steve_p_mcafee-96x96.png\",\"caption\":\"Steve Povolny\"},\"description\":\"Steve Povolny is the Head of Advanced Threat Research for McAfee Enterprise, which delivers groundbreaking vulnerability research spanning nearly every industry. With more than a decade of experience in network security, Steve is a recognized authority on hardware and software vulnerabilities, and regularly collaborates with influencers in academia, government, law enforcement, consumers and enterprise businesses of all sizes. Steve is a sought after public speaker and media commentator who often blogs on key topics. He brings his passion for threat research and a unique vision to harness the power of collaboration between the research community and product vendors, through responsible disclosure, for the benefit of all.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/steve-povolny-595a776\/\",\"https:\/\/x.com\/spovolny\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/steve-povolny\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blog","description":"On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.\u00a0 As we","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blog","og_description":"On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.\u00a0 As we","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2021-02-19T00:21:23+00:00","article_modified_time":"2025-05-28T05:57:30+00:00","og_image":[{"width":342,"height":215,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg","type":"image\/jpeg"}],"author":"Steve Povolny, Douglas McKee, Mark Bereza","twitter_card":"summary_large_image","twitter_creator":"@spovolny","twitter_site":"@McAfee","twitter_misc":{"Written by":"Steve Povolny, Douglas McKee, Mark Bereza","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/"},"author":{"name":"Steve Povolny","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/210ec6c1c7e372f17c4b1109f06b8267"},"headline":"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use","datePublished":"2021-02-19T00:21:23+00:00","dateModified":"2025-05-28T05:57:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/"},"wordCount":653,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg","articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/","name":"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg","datePublished":"2021-02-19T00:21:23+00:00","dateModified":"2025-05-28T05:57:30+00:00","description":"On February 17th, 2021, McAfee disclosed findings based on a 10-month long disclosure process with major video conferencing vendor Agora, Inc.\u00a0 As we","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/02\/EverydayVulCampaign_BlogImageThumbnail_342X215.jpg","width":342,"height":215,"caption":"Mobile Conferencing Apps Carry Risks"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/beyond-clubhouse-vulnerable-agora-sdks-still-in-widespread-use\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Beyond Clubhouse: Vulnerable Agora SDKs Still in Widespread Use"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/210ec6c1c7e372f17c4b1109f06b8267","name":"Steve Povolny","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/d83e09f6a46193cbf6406c6f30ba3fde","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/04\/steve_p_mcafee-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/04\/steve_p_mcafee-96x96.png","caption":"Steve Povolny"},"description":"Steve Povolny is the Head of Advanced Threat Research for McAfee Enterprise, which delivers groundbreaking vulnerability research spanning nearly every industry. With more than a decade of experience in network security, Steve is a recognized authority on hardware and software vulnerabilities, and regularly collaborates with influencers in academia, government, law enforcement, consumers and enterprise businesses of all sizes. Steve is a sought after public speaker and media commentator who often blogs on key topics. He brings his passion for threat research and a unique vision to harness the power of collaboration between the research community and product vendors, through responsible disclosure, for the benefit of all.","sameAs":["https:\/\/www.linkedin.com\/in\/steve-povolny-595a776\/","https:\/\/x.com\/spovolny"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/steve-povolny\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/117544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1004"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=117544"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/117544\/revisions"}],"predecessor-version":[{"id":214575,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/117544\/revisions\/214575"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/116899"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=117544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=117544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=117544"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=117544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}