What is a Man-in-the-Middle attack?

A man-in-the-middle (MITM) attack occurs when someone sits between two computers (such as a laptop and a remote server) and monitors traffic. This person can monitor communications between the two machines and steal information.

 

Man-in-the-Middle attacks are a serious security problem. Here's what you need to know and how to protect yourself.

The "beauty" (for lack of a better word) of MITM attacks is that the attacker does not necessarily need access to your computer, either physically or remotely. He or she can just sit on the same network as you and quietly collect data. An attacker can even set up his or her own network and trick you into using it.

The most obvious way to do this is to sit on an unencrypted, public Wi-Fi network, such as those in airports or cafes. An attacker can connect and, using a free tool, capture all packets sent across the network. He or she could then analyze them and identify potentially useful information.

This approach does not work as well as it once did, thanks to the prevalence of HTTPS, which provides encrypted connections to websites and services. An attacker cannot decrypt the data sent between two computers communicating over an encrypted HTTPS connection.

However, HTTPS alone is not enough. There are techniques an attacker can use to get around it.

Using a MITM attack, an attacker could try to trick a computer into "downgrading" its connection from encrypted to unencrypted. He or she can then monitor the traffic between the two computers.

An "SSL stripping" attack may also occur, in which the attacker sits in the middle of an encrypted connection. He or she then captures and possibly modifies the traffic before forwarding it to the unsuspecting recipient.
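From the defender's side, the downgrade described above shows up as a host that used to answer over HTTPS suddenly being reached over plain HTTP. The following sketch is an added example, not part of the original article; the class and function names and the navigation history are constructed for illustration.

```python
from urllib.parse import urlsplit

class SchemeMemory:
    """Remembers hosts that have served HTTPS and flags later plaintext use."""

    def __init__(self):
        self.https_hosts = set()

    def observe(self, url):
        """Record one navigation; return a warning string or None."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        scheme = parts.scheme.lower()
        if scheme == "https":
            self.https_hosts.add(host)
            return None
        if scheme == "http" and host in self.https_hosts:
            return f"downgrade: {host} was previously reached over HTTPS"
        return None  # plain HTTP to a host never seen on HTTPS: nothing to compare

def audit(urls):
    """Run a navigation history through SchemeMemory and collect warnings."""
    memory = SchemeMemory()
    return [(u, w) for u in urls if (w := memory.observe(u))]

# Constructed navigation history (hostnames are placeholders).
HISTORY = [
    "https://bank.example/login",     # home network: encrypted
    "http://news.example/",           # never seen on HTTPS, cannot be judged
    "http://BANK.example:80/login",   # cafe Wi-Fi: same host, now plaintext
    "https://bank.example/account",
]

if __name__ == "__main__":
    for url, warning in audit(HISTORY):
        print(url, "->", warning)
```

The check only works for hosts the client has already seen over HTTPS; a first visit made on a hostile network has nothing to compare against.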

Network-level attacks and rogue wireless routers

MITM attacks also occur at the network level. One approach is called ARP Cache Poisoning, in which an attacker tries to associate his or her MAC address with someone else's IP address. If successful, all data intended for the victim is transmitted to the attacker.

DNS spoofing is a similar type of attack. DNS is the "telephone book" of the Internet. It associates human-readable domain names, such as google.com, with numeric IP addresses. Using DNS spoofing, an attacker can redirect legitimate queries to a fake website that he or she controls and then capture data or deliver malware.
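ARP cache poisoning leaves a visible trace in the victim's own ARP table: the gateway's IP address starts pointing at a different MAC address, usually one that another host on the network already uses. The following detector is an added example, not part of the original article; the two snapshots are constructed data in the style of Linux `arp -an` output, and the gateway address is an assumption.

```python
import re
from collections import defaultdict

# Constructed snapshots in the style of `arp -an` output (not real captures).
BEFORE = """\
? (192.168.1.1) at 02:00:00:00:00:01 [ether] on wlan0
? (192.168.1.23) at 02:00:00:00:00:17 [ether] on wlan0
? (192.168.1.40) at 02:00:00:00:00:28 [ether] on wlan0
"""
AFTER = """\
? (192.168.1.1) at 02:00:00:00:00:28 [ether] on wlan0
? (192.168.1.23) at 02:00:00:00:00:17 [ether] on wlan0
? (192.168.1.40) at 02:00:00:00:00:28 [ether] on wlan0
? (192.168.1.77) at <incomplete> on wlan0
"""

ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)

def parse_arp(text):
    """Return {ip: mac} for resolved entries; <incomplete> entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_anomalies(before, after, gateway_ip):
    """Compare two snapshots and return a sorted list of (kind, detail) findings."""
    findings = []
    # 1. An IP address whose MAC changed between snapshots.
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            kind = "gateway-mac-changed" if ip == gateway_ip else "mac-changed"
            findings.append((kind, f"{ip}: {old} -> {mac}"))
    # 2. One MAC answering for several IPs (can be legitimate, e.g. proxy ARP).
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac-shared", f"{mac}: {', '.join(sorted(ips))}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, detail in find_anomalies(parse_arp(BEFORE), parse_arp(AFTER), "192.168.1.1"):
        print(kind, detail)
```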

Another approach is to create a malicious access point or place a computer between the end user and the router or remote server.

Overwhelmingly, people rely heavily on connections to public Wi-Fi hotspots. They see the words "free Wi-Fi" and do not stop to think whether a malicious hacker could be behind it.

Creating a malicious access point is easier than it sounds. There is even hardware that makes it incredibly simple. However, these devices are intended for legitimate information security professionals who perform penetration testing for a living.

Also, do not forget that routers are computers that tend to have weak security. The same default passwords tend to be used and reused, and the machines are often not updated. Another possible attack method is a router into which malicious code has been inserted, allowing a third party to execute a MITM attack remotely.

Malware and Man-in-the-Middle attacks

As mentioned earlier, it is possible for an adversary to carry out a MITM attack without being in the same room or even on the same continent. One way to do this is with malware.

A man-in-the-browser (MITB) attack occurs when a Web browser is infected with malware. This is sometimes done through a fake extension, which gives the attacker almost unlimited access.

For example, one could manipulate a web page to show something different from the actual site. He or she could also hijack active sessions on sites such as banking or social media pages and spread spam or steal money.

An example of this was the SpyEye Trojan, which was used as a keylogger to steal credentials for websites. It could also fill out forms with new fields, allowing the attacker to capture even more personal information.

How to protect yourself

Fortunately, there are ways you can protect yourself from these attacks. Try not to use public Wi-Fi hotspots. Try to use only a network that you control, such as a mobile hotspot or a Mi-Fi.

Otherwise, a VPN will encrypt all traffic between your computer and the outside world, protecting you from MITM attacks. Of course, here, your security will only be as good as the VPN provider you use, so choose carefully. Sometimes, it's worth paying a little extra for a service you can trust. If your employer offers you a VPN when you travel, you should definitely use it.

To protect against MITM attacks based on malicious software (such as man-in-the-browser attacks), don't install apps or browser extensions from places you don't trust. Log out of a website's sessions when you're done with what you're doing and install a reliable antivirus program.

Written by Anastasis Vasileiadis