We are looking at the Man-in-the-Middle Attack

Francisco Cosio
August 30, 2022
Image source: 3 Ways You Can Mitigate Man-in-the-Middle Attacks. (2021, April 22). Samsung Insights. https://insights.samsung.com/2021/04/22/3-ways-you-can-mitigate-man-in-the-middle-attacks-3/


Let's talk about Man-in-the-Middle Attacks (MITM). At their core, they require three participants: the victim, the entity the victim is trying to communicate with, and the "man in the middle," who intercepts the victim's communications. Critical to the scenario is that the victim is not aware of the man in the middle.

You can also think of a MITM attack as a general term for any situation in which a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

The goal for these attacks generally is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.

Information obtained during an attack like this could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change to take control of the account.

Let's break down the attack

Now, how does this play out in the real world? Imagine the following scenario: you receive an email that appears to be from your bank, asking you to log in to your account to confirm your contact information. You click a link in the email and are taken to what appears to be the bank's website, where you log in and perform the requested task.

In this scenario, the man in the middle sent you the email, making it appear legitimate (this attack also involves phishing: getting you to click a link in an email that appears to come from your bank). The attacker also created a website that looks just like your bank's, so you would not hesitate to enter your login credentials after clicking the link. But when you do, you are not logging in to your bank account; you are handing your credentials to the attacker.

In layman’s terms, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details and then resealing the envelope and delivering it to your door.

There is a wide variety of methods to carry out MITM attacks. Some common techniques include:

  • Spoofing an Internet Protocol (IP) address to trick users into providing personal information or taking a desired action, such as initiating a bank transfer or password change
  • Redirecting a user from a known destination to a fake website to divert traffic and/or gather login credentials and other personal information
  • Simulating a Wi-Fi access point to intercept any web activity and gather personal information
  • Creating illegitimate secure sockets layer (SSL) certificates, which give users the appearance of a secure connection even though the connection has been compromised
  • Redirecting traffic to an unsecured website, which then gathers login credentials and personal information
  • Eavesdropping on web activity, including email, to gather personal information and inform further fraudulent activity, such as phishing attempts
  • Stealing browser cookies, which contain personal information
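The phishing scenario above and the "redirect to an unsecured or fake website" techniques in this list come down to one question a mail client or web proxy can ask before a user ever sees the link: does this URL actually lead to the host the user expects, over an encrypted connection? The following is an added example, not code from the original post; `bank.example` and every URL in it are constructed sample values.

```python
"""Added example (not from the original post): triage links the way a
mail filter or proxy might for the phishing-based MITM scenario above.
All hosts and URLs here are constructed sample values."""
from urllib.parse import urlparse
import ipaddress

# Constructed: the host the user believes they are talking to.
LEGITIMATE_HOST = "bank.example"


def link_verdict(url: str, expected_host: str = LEGITIMATE_HOST) -> str:
    """Return 'ok' or a short reason the link should be treated as suspect."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return "unencrypted"        # plain HTTP: the 'unsecured website' case
    if not host:
        return "no-host"
    try:
        ipaddress.ip_address(host)
        return "raw-ip"             # a bare address instead of the bank's name
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        return "punycode"           # internationalised label, a homograph risk
    if host == expected_host or host.endswith("." + expected_host):
        return "ok"                 # the bank's own domain or a subdomain of it
    if expected_host in host or expected_host.replace(".", "-") in host:
        return "lookalike"          # e.g. bank.example.evil.test, bank-example.test
    return "foreign-host"           # some other site entirely


def triage(urls):
    """Map each link to its verdict, e.g. for logging or quarantine decisions."""
    return {u: link_verdict(u) for u in urls}
```

A hit on anything other than `ok` is a reason to warn the user or hold the message, not proof of an attack, since a bank may legitimately use more than one domain.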

How to prevent the attack

Mitigation is the best defense against MITM attacks.

Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.

For users, this means:

  • Avoiding WiFi connections that are not password protected.
  • Paying attention to browser notifications reporting a website as being unsecured.
  • Immediately logging out of a secure application when it is not in use.
  • Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.
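On the application side, the "combination of encryption and verification" mentioned above means the client must actually verify the server's certificate and hostname, and can additionally pin the certificate it expects so that an illegitimate certificate is rejected even if a trusted CA issued it. The following is an added example using Python's standard `ssl` module, not code from the original post; `HOST`, `PORT` and `EXPECTED_PIN` are constructed placeholders.

```python
"""Added example (not from the original post): client-side TLS
verification plus certificate pinning. HOST, PORT and EXPECTED_PIN are
placeholders; the pin must be taken from the genuine server certificate."""
import hashlib
import socket
import ssl

HOST = "bank.example"            # constructed placeholder
PORT = 443
EXPECTED_PIN = "00" * 32         # placeholder: SHA-256 hex of the real leaf cert (DER)


def hardened_context() -> ssl.SSLContext:
    """Verify the chain against trusted CAs, check the hostname, refuse old TLS."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context() -> ssl.SSLContext:
    """The setting an illegitimate certificate slips past: no verification at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True only if the context checks both the CA chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, the value normally pinned."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_pin: str) -> bool:
    """Second check after CA validation: the leaf must be the one we expect."""
    return cert_fingerprint(der_cert) == expected_pin.lower()


def connect_pinned(host: str = HOST, port: int = PORT, expected_pin: str = EXPECTED_PIN) -> str:
    """Open a TLS connection and refuse to proceed unless the pin matches."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with hardened_context().wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, expected_pin):
                raise ssl.SSLError("server certificate does not match the pinned fingerprint")
            return tls.version()
```

Pinning needs an update path (rotate the pin before the certificate is renewed), otherwise the client locks itself out on the next legitimate renewal.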

In our rapidly evolving connected world, it is important to understand the types of threats that could compromise the online security of your personal information. Stay informed and make sure your devices are fortified with proper security.

The Future of MITM and the new Machine in the Middle Attack

A MITM attack can not only disrupt communications between humans, but also affect machine-to-machine communications that are vital to trusted communications on the Internet. For example, an IoT device like a virtual assistant typically shares information with a central server hosting content.

If you cannot trust the connections you make to websites and online services, you could be vulnerable to security risks such as fraud, impersonation, malware, and others. If your connected devices and objects cannot communicate securely and reliably, they may put you and your household at risk.

Adding MITM capabilities to parts of Internet infrastructure, sometimes with the aid of Internet service providers, allowed national security agencies to intercept and read bulk Internet traffic. If all traffic had been encrypted, it would have been more difficult for those agencies to access the content. After learning about these surveillance activities, major service providers took steps to encrypt their services, add end-to-end encryption, and turn on encryption by default.

MITM attacks not only break confidentiality and integrity – they can also disrupt Internet access. For instance, in 2012 a security agency’s attempted MITM attack in Syria broke a core part of the country’s Internet infrastructure, leaving Syrians without access to the global Internet.

In a world of constant change and rapidly increasing technology breakthroughs, we need to keep on top of existing and new attacks. The best way to do this is to apply security best practices to our daily virtual life.

Francisco Cosio

Senior Security Engineer
