A man-in-the-middle (MITM) attack occurs when an attacker positions himself or herself between two communicating parties (for example a laptop and a remote server) and relays their traffic. From that position the attacker can read the communications between the two machines, steal information and, in many variants, alter what passes through.
Man-in-the-Middle attacks are a serious security problem. Here's what you need to know and how to protect yourself.
The "beauty" (for lack of a better word) of MITM attacks is that the attacker does not necessarily need access to your computer, either physically or remotely. He or she can simply sit on the same network as you and quietly collect data. An attacker can even set up his or her own network and trick you into using it.
The most obvious way to do this is to sit on an unencrypted, public Wi-Fi network, such as at an airport or cafe. On an open network the wireless frames themselves are not encrypted, so an attacker only has to join the network and, using a free tool like Wireshark, capture the packets other users send across it. He or she can then analyze the capture and pick out potentially useful information.
This approach is not as fruitful as it once was, thanks to the prevalence of HTTPS, which provides encrypted connections to websites and services. An attacker who captures a properly established HTTPS session can see which server the victim is talking to and how much data is exchanged, but cannot read the contents.
However, HTTPS alone is not enough. There are techniques an attacker can use to get around it.
From a MITM position, an attacker can try to trick a computer into "downgrading" its connection from encrypted to unencrypted, and then read the traffic passing between the two machines.
The classic form of this is "SSL stripping". The attacker sits between the victim and the server, keeps a genuine HTTPS connection to the server, but hands the victim a plain HTTP copy of every page with all HTTPS links and redirects rewritten to HTTP. The victim sees the real site, minus the padlock, while the attacker captures and possibly modifies everything that passes through. This only works if the browser's first request goes out over plain HTTP; sites that enable HTTP Strict Transport Security (HSTS), and especially those on the browser preload list, make the browser switch to HTTPS before it sends anything.
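The rewrite an SSL-stripping proxy performs, and the browser-side HSTS logic that defeats it, as an added example that is not part of the original article. The host bank.example, the sample page and the headers are constructed for the example; the proxy model is a simplification of tools such as sslstrip, not their code.

```python
import re
from urllib.parse import urlsplit

# Constructed sample response: what a hypothetical bank.example might return
# for its HTTP landing page, pushing the visitor onto HTTPS for login.
SAMPLE_BODY = b"""<html><body>
<a href="https://bank.example/login">Log in</a>
<form action="https://bank.example/login" method="post">
  <input name="user"><input name="pass" type="password">
</form></body></html>"""
SAMPLE_HEADERS = {
    "Location": "https://bank.example/login",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}


def strip_tls(body, headers):
    """What an SSL-stripping proxy does to each response it relays to the victim.

    The proxy holds a genuine HTTPS session with the server, but hands the
    victim a copy in which every https:// reference is rewritten to http://,
    including the redirect the site uses to move visitors onto HTTPS. The
    HSTS header is dropped too; the browser would ignore it over plain HTTP
    anyway, since the policy is only honoured when received over HTTPS.
    """
    stripped_body = body.replace(b"https://", b"http://")
    stripped_headers = {}
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            continue
        stripped_headers[name] = value.replace("https://", "http://")
    return stripped_body, stripped_headers


def hsts_max_age(header_value):
    """Parse max-age out of a Strict-Transport-Security value; 0 if absent."""
    match = re.search(r'max-age\s*=\s*"?(\d+)', header_value, re.IGNORECASE)
    return int(match.group(1)) if match else 0


def remember_hsts(hsts_hosts, host, headers, over_https):
    """A browser records an HSTS policy only when it arrives over HTTPS with a
    positive max-age (RFC 6797). Returns the updated set of HSTS hosts."""
    value = headers.get("Strict-Transport-Security", "")
    if over_https and hsts_max_age(value) > 0:
        hsts_hosts.add(host)
    return hsts_hosts


def request_url(url, hsts_hosts):
    """Model of the browser deciding what to send.

    An http:// URL for a host with a known HSTS policy (a prior HTTPS visit or
    the preload list) is upgraded before any packet leaves, so a link the
    proxy rewrote to http:// never produces a cleartext request. For a host
    the browser has never seen, the http:// request goes out as-is and the
    stripping attack succeeds.
    """
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname in hsts_hosts:
        return "https://" + url[len("http://"):]
    return url


if __name__ == "__main__":
    body, headers = strip_tls(SAMPLE_BODY, SAMPLE_HEADERS)
    print(body.decode())
    print(headers)
    known = remember_hsts(set(), "bank.example", SAMPLE_HEADERS, over_https=True)
    print(request_url("http://bank.example/login", set()))    # first visit: stripped
    print(request_url("http://bank.example/login", known))    # HSTS known: upgraded
```

The point the two halves make together: stripping works on the very first cleartext request, which is why the preload list matters more than the header for sites that have never been visited over HTTPS from that browser.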
Network-based attacks and rogue wireless routers
MITM attacks also happen at the network level. One approach is called ARP cache poisoning, in which an attacker sends forged ARP replies to associate his or her own MAC (hardware) address with someone else's IP address, typically that of the default gateway. If successful, everything the victim sends to that address is delivered to the attacker instead, who quietly forwards it on so that nothing appears broken.
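The mechanics of ARP cache poisoning and a simple way to detect it, as an added example that is not part of the original article. ARP frames are modelled as dictionaries rather than sent on the wire, and the addresses and the detection logic (a reduced version of what arpwatch does) are constructed for the example.

```python
from collections import defaultdict

# Constructed hosts on a hypothetical 192.168.1.0/24 segment.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:aa:aa:aa:aa:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.10", "aa:aa:aa:aa:aa:10"
ATTACKER_MAC = "de:ad:be:ef:00:01"


def arp_reply(sender_ip, sender_mac, target_ip, target_mac):
    """An ARP reply: 'sender_ip is at sender_mac', delivered to target."""
    return {"op": "reply", "sender_ip": sender_ip, "sender_mac": sender_mac,
            "target_ip": target_ip, "target_mac": target_mac}


def poison_frames(attacker_mac, victim_ip, victim_mac, gateway_ip, gateway_mac):
    """The two forged replies an ARP poisoner keeps repeating.

    One tells the victim 'the gateway's IP is at attacker_mac'; the other tells
    the gateway 'the victim's IP is at attacker_mac'. With both in place, traffic
    in each direction passes through the attacker, who forwards it so that the
    connection keeps working.
    """
    return [arp_reply(gateway_ip, attacker_mac, victim_ip, victim_mac),
            arp_reply(victim_ip, attacker_mac, gateway_ip, gateway_mac)]


def apply_to_cache(cache, frame):
    """Unconditional cache update, which is how typical stacks behave: a reply
    overwrites the entry for sender_ip without checking that a request went out."""
    cache[frame["sender_ip"]] = frame["sender_mac"]
    return cache


def victim_cache_after(frames, victim_ip):
    """Replay the frames addressed to the victim into an empty ARP cache."""
    cache = {}
    for frame in frames:
        if frame["target_ip"] == victim_ip:
            apply_to_cache(cache, frame)
    return cache


def detect_poisoning(frames):
    """Track which MAC each IP claims; alert when an IP flips to a different MAC
    or when one MAC claims more than one IP. Both happen during poisoning and
    neither is normal on a stable LAN (a NIC swap or DHCP churn can cause the
    first, so in practice alerts are reviewed rather than acted on blindly)."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for frame in frames:
        if frame["op"] != "reply":
            continue
        ip, mac = frame["sender_ip"], frame["sender_mac"]
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ip} changed from {previous} to {mac}")
        ip_to_mac[ip] = mac
        if mac_to_ips[mac] and ip not in mac_to_ips[mac]:
            alerts.append(f"{mac} now claims {ip} as well as {sorted(mac_to_ips[mac])}")
        mac_to_ips[mac].add(ip)
    return alerts


# Constructed traffic: normal replies first, then the attacker starts poisoning.
LEGITIMATE = [arp_reply(GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, VICTIM_MAC),
              arp_reply(VICTIM_IP, VICTIM_MAC, GATEWAY_IP, GATEWAY_MAC)]
TRAFFIC = LEGITIMATE + poison_frames(ATTACKER_MAC, VICTIM_IP, VICTIM_MAC,
                                     GATEWAY_IP, GATEWAY_MAC)

if __name__ == "__main__":
    print("victim's cache:", victim_cache_after(TRAFFIC, VICTIM_IP))
    for alert in detect_poisoning(TRAFFIC):
        print("ALERT:", alert)
```

After the replay the victim's entry for the gateway points at the attacker's MAC, and the detector raises one alert per flipped IP plus one for the attacker's MAC claiming two addresses. The defences that work regardless of detection are switch features such as Dynamic ARP Inspection and static ARP entries for the gateway on critical hosts.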
DNS spoofing is a similar type of attack. DNS is the "directory" of the Internet: it maps human-readable domain names, such as google.com, to numeric IP addresses. By answering a victim's DNS queries with forged replies, an attacker can redirect a legitimate request for a real site to a fake one that captures whatever the victim enters or delivers malware.
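How a forged DNS reply is built and why a stub resolver accepts it, as an added example that is not part of the original article. The query and the spoofed address (203.0.113.5, from the documentation range) are constructed; the resolver-side check is a simplified model of what real resolvers verify, not any particular resolver's code.

```python
import struct


def encode_name(name):
    """Encode a dotted name as DNS labels: 3www7example3com0."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode() for label in labels) + b"\x00"


def decode_name(data, offset):
    """Decode a name at offset, following one compression pointer if present.
    Returns (name, offset of the byte after the name)."""
    labels = []
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # pointer to an earlier copy of the name
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            tail, _ = decode_name(data, pointer)
            labels.append(tail)
            return ".".join(labels), offset + 2
        if length == 0:
            return ".".join(labels), offset + 1
        labels.append(data[offset + 1:offset + 1 + length].decode())
        offset += 1 + length


def build_query(txid, name):
    """A standard recursive A/IN query as a stub resolver would send it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def forge_response(query, spoofed_ip, ttl=300):
    """What the spoofer sends after seeing the query on the network.

    The transaction ID and the question section are copied from the query so
    the reply matches what the victim is waiting for; the answer points the
    queried name at the attacker's address. 0xC00C is a pointer to offset 12,
    i.e. the name in the question, the usual way answers reference it.
    """
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # response, RD+RA
    rdata = bytes(int(octet) for octet in spoofed_ip.split("."))
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(response):
    """Pull the transaction ID, echoed question and first A record out of a reply."""
    txid = struct.unpack("!H", response[:2])[0]
    qname, offset = decode_name(response, 12)
    offset += 4  # qtype, qclass
    aname, offset = decode_name(response, offset)
    _atype, _aclass, ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
    offset += 10
    rdata = response[offset:offset + rdlen]
    return {"txid": txid, "qname": qname, "aname": aname,
            "ip": ".".join(str(b) for b in rdata), "ttl": ttl}


def resolver_accepts(query, response, source_port_matches=True):
    """The checks a stub resolver makes before trusting an answer: it must
    arrive on the port the query left from, and carry the same transaction ID
    and question. None of this proves who sent it; an attacker who saw the
    query on a shared network satisfies all three. Only DNSSEC validation (or
    an encrypted, authenticated transport to a trusted resolver) closes that."""
    expected_txid = struct.unpack("!H", query[:2])[0]
    expected_name, _ = decode_name(query, 12)
    reply = parse_response(response)
    return (source_port_matches and reply["txid"] == expected_txid
            and reply["qname"] == expected_name)


if __name__ == "__main__":
    query = build_query(0x1234, "www.example.com")
    forged = forge_response(query, "203.0.113.5")
    print(parse_response(forged))
    print("accepted:", resolver_accepts(query, forged))
```

Off-path, where the attacker cannot see the query, the same forgery has to guess the 16-bit transaction ID and the source port, which is why source-port randomization matters; on a poisoned LAN segment both are simply read off the wire.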
Another approach is to create a malicious access point, or to place a machine between the end user and the router or remote server.
People overwhelmingly trust public Wi-Fi hotspots too much. They see the words "free Wi-Fi" and do not stop to think about whether a malicious hacker could be behind it.
Creating a malicious access point is easier than it sounds. There is even dedicated hardware that makes it trivial, although such devices are intended for legitimate information security professionals who perform penetration testing for a living.
Also, do not forget that routers are computers, and ones that tend to lack serious security. The same default passwords are used and reused, and the devices rarely receive updates. Another possible attack is a router whose firmware has been modified with malicious code, allowing a third party to carry out a MITM attack remotely.
Malware and Man-in-the-Middle attacks
As mentioned earlier, it is possible for an adversary to perform a MITM attack without being in the same location, or even on the same continent. One way to do this is with malware.
A man-in-the-browser (MITB) attack occurs when the web browser itself is infected with malware. This is sometimes done through a fake extension, which gives the attacker almost unlimited control over what the browser displays and sends.
For example, the malware can alter a page as it renders, so that what the user sees differs from what the real website sent. It can also hijack active sessions on sites such as online banking or social media and use them to spread spam or steal money. Because the tampering happens inside the browser, after TLS has been decrypted, HTTPS offers no protection against it.
An example of this was the SpyEye Trojan, which acted as a keylogger to steal website credentials. It could also inject extra fields into web forms, tricking the victim into handing over even more personal information.
How to protect yourself
Fortunately, there are ways to protect yourself from these attacks. Avoid public Wi-Fi hotspots where you can, and prefer a network you control, such as a mobile hotspot or a MiFi device.
Otherwise, a VPN will encrypt all traffic between your computer and the VPN provider's servers, which shields you from anyone sitting on the local network. Of course, the provider now sits in the middle of all your traffic, so your security is only as good as the VPN provider you use; choose carefully. Sometimes it pays to pay a little more for a service you can trust. If your employer offers a VPN for travel, you should definitely use it.
To protect yourself from malware-based MITM attacks (such as man-in-the-browser), do not install browser applications or extensions from untrusted sources, keep the browser itself up to date, log out of websites when you are finished, and run a trusted antivirus program. Never click through a browser certificate warning, and if a site that normally shows a padlock suddenly does not, assume something on the path is interfering rather than carrying on.