all InfoSec news
Spoofing DTLS-SRTP key exchange
July 3, 2022, 2:35 p.m. | /u/Striker0073
Privacy & Freedom in the Information Age www.reddit.com
I was having a read about how DTLS-SRTP key exchange can be tapped/mimt since certificates cannot be authenticated.
I came across this article:
https://www.gremwell.com/blog/dtls-srtp#terminating-dtls-with-srtp-extension
Does this mean that Wire, Threema and similar apps that end to end encrypt SDP messages containing the thumbprint of the certificate used to secure the RTP stream can be man in the middle attacked?
Thank you.
More from www.reddit.com / Privacy & Freedom in the Information Age
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Security Engineer, Incident Response
@ Databricks | Remote - Netherlands
Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)
@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC
Data Security Architect
@ Accenture Federal Services | Washington, DC
Identity Security Administrator
@ SailPoint | Pune, India