Man In The Middle Attack – The Rising Threat to Internet Users

By | February 15, 2016

MITM_IMG

Online security has become a significant topic for all online businesses today. Though technology is gearing up in terms of security, there are new strategies been developed by the threat players. One of them is the man-in-the-middle attack (MITM). It’s posing a serious threat to online security since the attacker can seize and deploy the sensitive information in real-time.

A MITM is a snooping attack where the communications between two persons is monitored and modified by an authorized party. The monitoring is done by intercepting a public key message exchange and then is retransmitted with the replacement of public key with its own.

Let’s look at some of the example of man-in-the-attack –

The image above explains the man-in-the-middle attack. The image depicts the communication between the client and the server in the first part while in the second part, the attacker inserts himself/herself in between the flow of the traffic between the client and the server. Now, the attack has interrupted into the communication between the two endpoints and is ready to inject false information and capture the data transferred between them.

Below is another example that reveals the after effects of man-in-the-middle attack. Here the hacker is imitating conversations of both parties for gaining access to funds. The attacker intercepts a public key and with the same he/she can transpose his own credentials to hoax persons on two sides to believe that they are talking to each other in secure environment.

How can you become a victim of the MITM attack?

While online shopping, generally you buy gifts from your phones, laptops, tablets or PCs and you might be in false belief that retailers are the only ones that are receiving your hard-earned money. Cyber criminals are always on your track and especially during the holiday season. Let’s check out the ways of how you may become a victim of MITM attack.

Man-in-the-Browser

One of the most insidious types of MITM attack is the Man-in-the-Browser attack, also termed as a banking Trojan. The common object behind this attack is financial fraud. This attack is possible with malware that has been installed on the victim’s system. The malware is capable of modifying online banking transactions, so the information displayed by the browser and the one actually sent to the bank isn’t the same. The user is enable to view the intended transaction while the other transactions occur in secret which the account holder is completely unaware of. Bypassing encryption and escaping detection by antivirus programs makes it dangerous for the victim.

WiFi Eavesdropping

WiFi eavesdropping is one of the oldest and most common form of MITM. In this attack, the WiFi connection of the user is hijacked for spying on him. It possibly occurs in public WiFi connection like airport, coffee shop or hotel but might also happen in the privacy of your home WiFi. Hackers can create fake WiFi node that mimics a legitimate WiFi access point so that the victim can be tricked while connecting to it. The other way is by sniffing your website traffic over an unencrypted connection and finds things such as session cookies for hijacking your accounts. Or simply hacking the user’s WiFi password for getting access is another way of WiFi eavesdropping.

Man-in-the-Mobile

This is the most rising way of MITM attack. Since the mobile usage is growing, hackers have now started infecting mobile devices for capturing the SMS traffic. The prime objective of this attack is to help hackers get an access to a two-factor authentication protection on online account. For this, the phone is monitored for any incoming transaction authentication numbers (mTAN) and different types of transaction authentication codes sent by a financial institution. As the number of banks and companies moving towards two-factor authentication increases for offering better security to their customers, more attackers will utilize mobile Trojans to break this protection. The attack is a big challenge for out-of-band-authentication systems.

Man-in-the-Cloud

Consumers using file-sharing/ storage services like GoogleDrive, Dropbox, Microsoft OneDrive, etc. must be aware that it’s possible for the cybercriminals to intrude them for spying on their information or infecting the machine. Exploiting the session management is the aim of man-in-the-cloud attack. Regular login isn’t required for some cloud-based services i.e. when the online account synchronizes itself between two users – for instance when someone uploads a shared file. Instead some services give their uses a “synchronization token” that verifies them automatically each time the user logs in.  Hackers can gain access, spread malware, steal files or even attempt to extort users by stealing or intercepting this token.

Man-in-the-App

All mobile apps aren’t secure as they need to be. In summer 2015, the popular Android app, Instapaper failed to follow “certificate validation” according to researchers which is done to ensure the security of communication with the user. With the MITA, the attacker can insert a certificate signed by him and start communicating with the app directly. This is the point when the hacker can intercept the app data, impersonate the user on app or steal information.

Man-in-the-IoT

No doubt internet of Things and smart appliances are relieving  the manual work of people but these are even raising the potential for a new type of attack, man-in-the-IoT. The hacker can capture data from the thermostats, TVs, appliances and even cars. These devices are equipped with basic operating systems and Bluetooth or Internet connectivity but there’s no strong cyber-security inbuilt as the companies offering the products think that these devices won’t be attacked. However, one must remember that a device that’s networked is potential target of MITM attack.

Basic tips to follow to protect your data and devices from the MITM attack –

  • 1. Ensure to use encrypted version of websites (i.e. those starting with HTTPS). You can install a browser plugin like “HTTPS Everywhere” that seeks out HTTPS connections on any website visited and enforces it every time.
  • 2. Avoid using unencrypted or free WiFi hotspots for any sensitive transactions.
  • 3. Check whether your home WiFi router is using WPA2 encryption, not WEP, and reset the default password to a strong 15 plus character password.
  • 4. Ensure your operating system, antivirus and applications are always updated.
  • 5. If your browser is warning you that the website isn’t SSL certified, leave the site.
  • 6. Stop using your home or work computer for online banking, instead use a dedicated laptop.
  • 7. Ensure to setup a two-factor authentication on all your key accounts such as banking and email.
  • 8. Monitoring your accounts for any changes or unusual activity is quite important.

Man-in-the-Middle attack is done with smart tricks and so, it’s quite hard to understand whether the attack has happen or not on your network. But following these simple tips would surely help your in protecting your network.