all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Spoofing DTLS-SRTP key exchange

Add to bookmarks
July 3, 2022, 2:35 p.m. | /u/Striker0073

Privacy & Freedom in the Information Age www.reddit.com

Hello everyone,

I was having a read about how DTLS-SRTP key exchange can be tapped/mimt since certificates cannot be authenticated.

I came across this article:

https://www.gremwell.com/blog/dtls-srtp#terminating-dtls-with-srtp-extension

Does this mean that Wire, Threema and similar apps that end to end encrypt SDP messages containing the thumbprint of the certificate used to secure the RTP stream can be man in the middle attacked?

Thank you.

dtls exchange key privacy spoofing

Visit resource

More from www.reddit.com / Privacy & Freedom in the Information Age

Message History of 600 Million Discord Users Can be Accessed For $5 2 hours ago | www.reddit.com
can discord history message +1
spy.pet added a optout page 3 hours ago | www.reddit.com
privacy
Google is doxing my full legal address and name on google play store. 4 hours ago | www.reddit.com
address app developer doxing +16
Who is better across their products in privacy: Apple or Google or Microsoft? 6 hours ago | www.reddit.com
apple clear docs edit +10
Microsoft will now urge you to ditch local accounts on Windows 10 12 hours ago | www.reddit.com
accounts local microsoft privacy +2
Using whatsapp (like most of the world does, unfortunately) can get you targeted and killed … 15 hours ago | www.reddit.com
can idf privacy whatsapp +1
Cops can force suspect to unlock phone with thumbprint, US court rules 15 hours ago | www.reddit.com
can cops court phone +3
A real privacy law? House lawmakers are optimistic this time 16 hours ago | www.reddit.com
house law lawmakers privacy +2
EU tells Meta it can't paywall privacy 17 hours ago | www.reddit.com
can meta paywall privacy

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Engineer, Incident Response

@ Databricks | Remote - Netherlands
View on infosec-jobs.com

Associate Vulnerability Engineer - Mid-Atlantic region (Part-Time)

@ GuidePoint Security LLC | Remote in VA, MD, PA, NC, DE, NJ, or DC
View on infosec-jobs.com

Data Security Architect

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

Identity Security Administrator

@ SailPoint | Pune, India
View on infosec-jobs.com
View more jobs