This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

is TLSV1 secure enough for my live camera

0

I recently purchased a live camera which allows me to view the live video from the phone in real time. To make sure it can protect my privacy well, I used wireshark to analyse the network traffic.

It uses TLSV1 to transfer the video data between the app and server.

1.I would like to know if TLSV1 is secure enough as there is already TLSV1.1 and TLSV1.2 in place. And if the connection needs to last for 30 mins in order to decrypt it?

2.The live camera caches the live video in order to play the video smoothly, is it possible for the hacker to get the cached data by the hacker even the transportation is in SSL?

alt text

asked 26 Mar '15, 19:48

Yang%20Alex's gravatar image

Yang Alex
1111
accept rate: 0%

One Answer:

1
  1. While SSLv2 and SSLv3 are demonstratively broken, TLSv1.0 as protocol is still safe if configured correctly. One issue with TLSv1.0 (BEAST) was in combination with cipher suites using the CBC mode, but this is largely mitigated by clients.
  2. TLS protects only the transport. Once the data reaches the end-user device, the security of the data depends on that device. That (cached) data could still be acquired by "the hacker" if he has access to your phone (for example, through a malicious application on the phone).

I suggest you to run your client through https://www.ssllabs.com/ssltest/ for a configuration check. You need to configure a DNS name to point to the external IP address of the camera. Only port 443 is supported via the web interface.

answered 29 Mar '15, 09:46

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%