McAfee uncovers vulnerability in telehealth kit
McAfee’s Advanced Threat Research (ATR) team has uncovered a new vulnerability in video calling software used by telemedicine providers.
The security issue was discovered in Agora, a video calling software development kit (SDK) included in healthcare apps like Dr. First Backline, Talkspace and temi, and used across more than 1.7 billion devices globally.
According to McAfee, Agora’s SDK until recently included a vulnerability that could have allowed an attacker to spy on ongoing video and audio calls. The McAfee ATR team discovered that this stemmed from an error in incomplete encryption. Agora’s SDK implementation did not allow applications to securely configure the setup of video/audio encryption, leaving a potential for hackers to snoop on them.
If exploited, this particular vulnerability could’ve...