Man-in-the-middle (MitM) attack assumes the possibility for an unwanted entity to intercept your voice calls and listen to the voice stream in both directions; hence the “middle” part of the term relates to someone who is capable of hearing both parties.
MitM attacks are used in practice to eavesdrop voice calls without ever being noticed. There is no 100% prevention for such a possibility and authorities and government agencies often resort to such interceptions.
ZRTP itself does not protect against MitM attacks; however, allows both parties in a call session to “detect” a MitM attack occurrence, or have occurred. In Secure Chat we call this “verification”: both participants in a call have the ability to read aloud to each other a shared string value, which is displayed at both ends. A mismatch in this value is an indicator for a MitM attack.
This is a simple, yet powerful form of protection also known as Short Authentication String (SAS) method. To avoid confusion with our backend component for Secure Phone, we will refer to SAS as a verification code.
At Secure Group, we always recommend you to verify your Secure Chat calls.