A man-in-the-middle attack (MITM) occurs when someone positions themselves between two computers (such as a laptop and an external server) and intercepts the traffic. This person can eavesdrop on, or even tamper with, the communication between the two machines and steal information.
Man-in-the-middle attacks are a serious security concern. Here's what you need to know and how to protect yourself.
Two's Company, Three's a Crowd
The "beauty" (for lack of a better word) of MITM attacks is that the attacker doesn't necessarily need to have access to your computer, both physically and remotely. He or she can simply be on the same network as you and quietly slurp data. An MITM can even create its own network and entice you to use it.
The most obvious way for someone to do this is to be on an unencrypted public Wi-Fi network, such as that at airports or cafes. An attacker can log in and capture all packets sent between a network using a free tool like Wireshark. He or she could then analyze and identify potentially useful information.
This approach is not bearing as much fruit as it used to, thanks to the prevalence of HTTPS, which provides encrypted connections to websites and services. An attacker cannot decrypt the encrypted data sent between two computers communicating over an encrypted HTTPS connection.
However, HTTPS alone is not a panacea. There are workarounds an attacker can use to get around it.
Using an MITM position, an attacker could attempt to trick a computer into "downgrading" its connection from encrypted to unencrypted. He or she can then inspect the traffic between the two computers.
An "SSL stripping" attack can also take place, where the attacker sits in the middle of what should be an encrypted connection. He or she captures the traffic, potentially modifies it, and then forwards it on to the unsuspecting victim.
RELATED: It's 2020. Is Using Public Wi-Fi Still Dangerous?
Network Attacks and Rogue Wireless Routers
MITM attacks also occur at the network level. One approach is ARP cache poisoning, where an attacker tries to associate his or her MAC (hardware) address with someone else's IP address. If successful, all data intended for the victim is forwarded to the attacker instead.
DNS spoofing is a similar type of attack. DNS is the "phone book" of the internet. It associates human-readable domain names, such as google.com, with numeric IP addresses. Using this technique, an attacker can redirect legitimate queries to a fake site he or she controls, then capture data or deploy malware.
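One way a defender can spot the ARP cache poisoning described above is to look at the host's own ARP table: on a healthy LAN each IP address maps to one MAC address and the gateway's MAC stays stable, so a single MAC suddenly answering for several IPs (the gateway among them), or the gateway's MAC changing between two snapshots, is a strong indicator. The Python below is an added example, not code from the article. It assumes Linux `ip neigh show` output format; the two snapshots are constructed sample data with made-up addresses.

```python
"""Spot ARP cache poisoning from two snapshots of a host's ARP table.

Added example (not from the article).  Input is assumed to be the text
produced by `ip neigh show` on Linux; the snapshots below are
constructed, with invented IPs and MACs.
"""
from collections import defaultdict
from typing import Dict, List


def parse_neigh(output: str) -> Dict[str, str]:
    """Map ip -> mac from `ip neigh show` lines, skipping entries that
    carry no lladdr (e.g. FAILED or INCOMPLETE neighbours)."""
    table: Dict[str, str] = {}
    for line in output.strip().splitlines():
        fields = line.split()
        if "lladdr" in fields:
            mac = fields[fields.index("lladdr") + 1].lower()
            table[fields[0]] = mac
    return table


def find_duplicate_macs(table: Dict[str, str]) -> Dict[str, List[str]]:
    """Return mac -> sorted [ips] for every MAC that claims more than one IP."""
    by_mac: Dict[str, List[str]] = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_mac_changed(before: Dict[str, str], after: Dict[str, str], gateway_ip: str) -> bool:
    """True when the gateway is present in both snapshots with different MACs."""
    return gateway_ip in before and gateway_ip in after and before[gateway_ip] != after[gateway_ip]


def assess(before_text: str, after_text: str, gateway_ip: str) -> List[str]:
    """Run both checks and return human-readable findings (empty if clean)."""
    before, after = parse_neigh(before_text), parse_neigh(after_text)
    findings: List[str] = []
    if gateway_mac_changed(before, after, gateway_ip):
        findings.append(
            f"gateway {gateway_ip} MAC changed from {before[gateway_ip]} to {after[gateway_ip]}"
        )
    for mac, ips in find_duplicate_macs(after).items():
        note = " (includes gateway)" if gateway_ip in ips else ""
        findings.append(f"MAC {mac} claims {', '.join(ips)}{note}")
    return findings


# Constructed snapshots: in AFTER, the host at .55 has taken over the gateway's IP.
BEFORE = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:14 STALE
192.168.1.55 dev wlan0 lladdr aa:bb:cc:00:00:37 REACHABLE
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:37 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:14 STALE
192.168.1.55 dev wlan0 lladdr aa:bb:cc:00:00:37 REACHABLE
fe80::1 dev wlan0  FAILED
"""

if __name__ == "__main__":
    for finding in assess(BEFORE, AFTER, "192.168.1.1"):
        print("ALERT:", finding)
```

On a real host you would feed it two successive captures of `ip neigh show` (or the equivalent `arp -a` output after adjusting the parser) and alert on any finding; both indicators also fire for legitimate but rare events such as a gateway hardware swap, so the check is a prompt to investigate rather than proof of an attack.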
Another approach is to create a fraudulent access point or place a computer between the end user and router or remote server.
People are far too trusting when it comes to connecting to public Wi-Fi hotspots. They see the words "free Wi-Fi" and don't stop to think whether there's a nefarious hacker behind it. This has been proven repeatedly, to comic effect, when people fail to read the terms and conditions on some hotspots. For example, some demand that people clean dirty festival latrines or give up their firstborn child.
Making a fraudulent access point is easier than it sounds. There are even physical hardware products that make this incredibly easy. However, these are intended for legitimate information security professionals who conduct penetration testing for a living.
Also, let's not forget that routers are computers, and they usually have poor security. The same default passwords tend to be used and reused across entire product lines, and they also receive updates only sporadically. Another possible attack route is a router injected with malicious code that allows a third party to perform an MITM attack from afar.
Malware and Man-in-the-Middle Attacks
As we mentioned earlier, it is quite possible for an adversary to perform an MITM attack without being in the same room, or even on the same continent. One way to do this is with malicious software.
A man-in-the-browser (MITB) attack occurs when a web browser is infected with malicious software. This is sometimes done via a bogus extension, which gives the attacker almost unimpeded access.
For example, someone could manipulate a web page to show something other than the real site. He or she could also hijack active sessions on websites such as banking or social media pages and spread spam or steal money.
An example of this was the SpyEye Trojan, which was used as a keylogger to steal login credentials for websites. It could also inject new fields into forms, allowing the attacker to capture even more personal information.
How to protect yourself
Fortunately, there are ways you can protect yourself from these attacks. As with all online security, it comes down to constant vigilance. Try not to use public Wi-Fi hotspots. Try to use only a network that you manage yourself, such as a mobile hotspot or Mi-Fi.
If that isn't possible, a VPN will encrypt all traffic between your computer and the outside world and protect you from MITM attacks. Of course, your security here is only as good as the VPN provider you use, so choose carefully. Sometimes it is worth paying a little extra for a service you can trust. If your employer offers you a VPN for when you travel, you should definitely use it.
In order to protect yourself from malware-based MITM attacks (such as the man-in-the-browser variant), you must apply good security hygiene. Do not install applications or browser extensions from sketchy places. When you are done with what you are doing, log out of website sessions and install a solid antivirus.
RELATED: Basic Computer Security: How to Protect Yourself from Viruses, Hackers and Thieves