Researchers have found a severe security vulnerability in the popular video calling software development kit (SDK) Agora.io. Agora is a video, voice, and live interactive streaming platform. It allows developers to embed voice and video chat, real-time recording, interactive live streaming, and real-time messaging into their apps. The company’s SDKs are estimated to be embedded into mobile, web, and desktop applications across more than 1.7 billion devices globally.
The bug is the consequence of incomplete encryption; it could have been leveraged by bad actors to launch man-in-the-middle attacks and intercept communications between two parties.