Man In The Middle Attack – The Rising Threat to Internet Users

February 15, 2016 / General Discussion

Online security has become a significant topic for all online businesses today. Although technology keeps improving in terms of security, threat actors keep developing new strategies. One of them is the man-in-the-middle (MITM) attack.

It poses a serious threat to online security because the attacker can seize and use sensitive information in real time. A MITM attack is a snooping attack in which the communications between two parties are monitored and modified by an unauthorized party.

The monitoring is done by intercepting a public key message exchange and then retransmitting the message with the public key replaced by the attacker’s own.

Let’s look at some examples of the man-in-the-middle attack –

The image above explains the man-in-the-middle attack. The first part depicts the communication between the client and the server, while in the second part the attacker inserts himself/herself into the flow of traffic between the client and the server.

Now the attacker has interrupted the communication between the two endpoints and is ready to inject false information and capture the data transferred between them.

Below is another example that reveals the after-effects of a man-in-the-middle attack. Here the hacker is imitating the conversations of both parties to gain access to funds.

The attacker intercepts a public key and, with it, can substitute his/her own credentials to trick the people on both sides into believing that they are talking to each other in a secure environment.
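The key substitution described above, and the check that catches it, as an added example that is not part of the original article. It simulates the exchange in-process with a toy Diffie-Hellman group; the group parameters, function names and tiny private values are constructed for illustration.

```python
import hashlib

# Toy Diffie-Hellman group, constructed for illustration only (not a vetted
# group; never use it for a real key exchange).
P = 2**127 - 1
G = 3

def public_key(private):
    return pow(G, private, P)

def fingerprint(public):
    """Short digest two users can compare over a trusted channel (in person, by phone)."""
    return hashlib.sha256(str(public).encode()).hexdigest()[:16]

def session_key(private, peer_public):
    return hashlib.sha256(str(pow(peer_public, private, P)).encode()).hexdigest()

def verify_peer(received_public, trusted_fingerprint):
    """The defence: accept a key only if it matches the fingerprint learned out of band."""
    return fingerprint(received_public) == trusted_fingerprint

def run_exchange(a_private, b_private, relay_private=None):
    """Simulate one exchange. When relay_private is set, each side receives the
    relay's public key instead of its peer's, as the article describes."""
    a_pub, b_pub = public_key(a_private), public_key(b_private)
    relayed = relay_private is not None
    seen_by_a = public_key(relay_private) if relayed else b_pub
    seen_by_b = public_key(relay_private) if relayed else a_pub
    return {
        # Without authentication nobody gets an error: with a relay present the
        # two ends simply hold different session keys without knowing it.
        "ends_share_key": session_key(a_private, seen_by_a) == session_key(b_private, seen_by_b),
        # With authentication each side rejects the substituted key.
        "a_accepts": verify_peer(seen_by_a, fingerprint(b_pub)),
        "b_accepts": verify_peer(seen_by_b, fingerprint(a_pub)),
    }

if __name__ == "__main__":
    print("direct :", run_exchange(5, 7))                    # constructed private values
    print("relayed:", run_exchange(5, 7, relay_private=11))
```

Certificates signed by a trusted authority play the role of the out-of-band fingerprint on the web, which is why a browser certificate warning should not be clicked through.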

How can you become a victim of the MITM attack?

While shopping online, you generally buy gifts from your phone, laptop, tablet, or PC. You might falsely believe that retailers are the only ones receiving your hard-earned money.

Cybercriminals are always on your track, especially during the holiday season. Let’s check out the ways you may become a victim of an MITM attack.

Man-in-the-Browser

One of the most insidious types of MITM attack is the Man-in-the-Browser attack, also termed a banking Trojan. The common objective behind this attack is financial fraud. This attack is made possible by malware installed on the victim’s system.

The malware is capable of modifying online banking transactions, so that the information displayed by the browser and the information actually sent to the bank aren’t the same. The user is able to view the intended transaction while other transactions occur in secret, completely unknown to the account holder. Its ability to bypass encryption and escape detection by antivirus programs makes it dangerous for the victim.

WiFi Eavesdropping

WiFi eavesdropping is one of the oldest and most common forms of MITM. In this attack, the user’s WiFi connection is hijacked to spy on him or her. It can occur on public WiFi connections such as those in airports, coffee shops, or hotels, but might also happen in the privacy of your home WiFi.

Hackers create a fake WiFi node that mimics a legitimate WiFi access point so that the victim is tricked into connecting to it. The other way is by sniffing your website traffic over an unencrypted connection and finding things such as session cookies to hijack your accounts.

Simply hacking the user’s WiFi password to gain access is another way of WiFi eavesdropping.
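From the site operator's side, session cookies are only exposed to sniffing when the site lets them travel over unencrypted HTTP. The following check is an added example, not part of the original article: it audits one response's headers for a missing Secure flag and a missing HSTS header. The sample headers and the list of "sensitive" cookie-name hints are constructed assumptions.

```python
# Constructed sample: headers from one HTTPS response, as (name, value) pairs.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "sessionid=8f2c1e77; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Set-Cookie", "auth_token=ab12cd34; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

# Assumption: cookie names containing these strings carry login state.
SENSITIVE_HINTS = ("sess", "auth", "token", "sid")

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}

def audit_headers(headers):
    """List the header weaknesses that leave session cookies open to sniffing."""
    findings = []
    header_names = {name.lower() for name, _ in headers}
    if "strict-transport-security" not in header_names:
        findings.append("no Strict-Transport-Security header: "
                        "browsers may still try plain HTTP first")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not any(hint in cookie.lower() for hint in SENSITIVE_HINTS):
            continue  # preference cookies and the like are out of scope here
        if "secure" not in attrs:
            findings.append(f"{cookie}: missing Secure, "
                            "cookie is also sent over unencrypted HTTP")
        if "httponly" not in attrs:
            findings.append(f"{cookie}: missing HttpOnly, "
                            "cookie is readable by page scripts")
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```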

Man-in-the-Mobile

This is the fastest-rising form of MITM attack. Since mobile usage is growing, hackers have now started infecting mobile devices to capture SMS traffic. The prime objective of this attack is to help hackers get past the two-factor authentication protection on an online account.

For this, the phone is monitored for any incoming mobile transaction authentication numbers (mTAN) and other types of transaction authentication codes sent by a financial institution.

As the number of banks and companies moving to two-factor authentication to offer better security to their customers increases, more attackers will use mobile Trojans to break this protection. The attack is a big challenge for out-of-band authentication systems.

Man-in-the-Cloud

Consumers using file-sharing/storage services like Google Drive, Dropbox, Microsoft OneDrive, etc. must be aware that cybercriminals can intrude on them to spy on their information or infect their machines.

Exploiting session management is the aim of a man-in-the-cloud attack. Some cloud-based services don’t require a regular login, i.e. when the online account synchronizes itself between two users – for instance, when someone uploads a shared file.

Instead, some services give their users a “synchronization token” that verifies them automatically each time the user logs in. By stealing or intercepting this token, hackers can gain access, spread malware, steal files, or even attempt to extort users.

Man-in-the-App

Not all mobile apps are as secure as they need to be. In the summer of 2015, according to researchers, the popular Android app Instapaper failed to perform the “certificate validation” that is done to ensure the security of communication with the user.

With the man-in-the-app (MITA) attack, the attacker can insert a certificate signed by himself and start communicating with the app directly. This is the point at which the hacker can intercept the app data, impersonate the user on the app, or steal information.

Man-in-the-IoT

No doubt the Internet of Things and smart appliances are relieving people of manual work, but they are also raising the potential for a new type of attack, man-in-the-IoT. The hacker can capture data from thermostats, TVs, appliances, and even cars.

These devices are equipped with basic operating systems and Bluetooth or Internet connectivity, but there’s no strong cyber-security built in, as the companies offering the products think that these devices won’t be attacked. However, one must remember that any device that’s networked is a potential target of an MITM attack.

Basic tips to follow to protect your data and devices from the MITM attack –

1. Make sure to use encrypted versions of websites (i.e. those starting with HTTPS). You can install a browser plugin like “HTTPS Everywhere” that seeks out HTTPS connections on any website visited and enforces them every time.

2. Avoid using unencrypted or free WiFi hotspots for any sensitive transactions.

3. Check whether your home WiFi router is using WPA2 encryption, not WEP, and reset the default password to a strong 15-plus character password.

4. Ensure your operating system, antivirus, and applications are always updated.

5. If your browser is warning you that the website isn’t SSL certified, leave the site.

6. Stop using your home or work computer for online banking; use a dedicated laptop instead.

7. Make sure to set up two-factor authentication on all your key accounts such as banking and email.

8. Monitoring your accounts for any changes or unusual activity is quite important.

A man-in-the-middle attack is carried out with smart tricks, so it’s quite hard to tell whether an attack has happened on your network. But following these simple tips will surely help you protect your network.