SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
15 Sep 2014

What is a Man-in-the-Middle Attack?

The goal of most attackers, regardless of how they go about their business, is to steal user data.

That could be in small, discrete attacks on individual users or it could be in large-scale compromises of popular Web sites or financial databases.

The methods may change, but the aim is the same. In most cases, attackers first try to get some sort of malware onto user machines, as that’s the shortest route between them and your data. But if that isn’t feasible for some reason, another popular method of compromise is the man-in-the-middle attack. As the name suggests, this attack vector involves the attacker placing himself – or his malicious tools – between the victim and a valuable resource, such as a banking Website or email account. These attacks can be highly effective and quite difficult to detect, especially for users who aren’t aware of the dangers the attacks present.

Man-in-the-Middle Attack Definition

The concept behind the MITM attack is remarkably simple, and it is not limited to the computer data security or online worlds. In its simplest form, the attack requires only that the attacker place himself between two parties that are trying to communicate and that he is able to intercept the messages being sent and further have the ability to impersonate at least one of the parties. For example, in the offline world this could involve someone creating fake bills or invoices, placing them in a victim’s mailbox and then intercepting the checks that the victim attempts to mail back as payment. In the online world, the attacks are somewhat more complex, but the idea is the same. The attacker puts himself between the target and some resource that she is trying to reach. The attacker’s presence must remain unknown to both the victim and the legitimate resource he is impersonating in order for the attack to be successful.

MITM Attack Variants

The most common MITM attack involves an attacker using a WiFi router as the mechanism with which to intercept user communications. This can be done either by setting up a malicious router that appears to be legitimate, or by exploiting a flaw in the setup of a legitimate router in order to intercept users’ sessions on the router.

In the former scenario, an attacker could configure his laptop or other wireless device to act as a WiFi hotspot and give it a name commonly used in a public area such as an airport or coffee shop. Then, as users connect to the “router” and attempt to reach sensitive sites such as online banking sites or commerce sites, the attacker can capture their credentials for later use.

In the latter example, an attacker identifies a weakness in the configuration or encryption implementation of a legitimate WiFi router and then exploits that flaw in order to eavesdrop on communications between users and the router. This is the more difficult of the two scenarios, but can also be the more effective if the attacker is able to maintain persistent access to the compromised router for hours or days at a time. This gives him the ability to eavesdrop silently on sessions that the victims believe to be secure–say a session with a corporate email server–and gather large amounts of sensitive data.

A more recent variant of the MITM attack is what’s known as a man-in-the-browser attack. In this scenario, the attacker uses one of a number of possible methods in order to plant some malicious code on a victim’s machine that runs inside the browser. That malware then silently records the data sent between the browser and various target sites that the attacker has hardcoded into the malware. These have become more popular in recent years because the attack allows the attacker to target a larger group of victims and doesn’t require him to be in close proximity to the victim base.

Defenses

There are several effective defenses against MITM attacks, but nearly all of them are on the router/server side and give users no control of the security of the transaction. One such defense is the use of strong encryption between the client and the server. In this case the server can authenticate itself by presenting a digital certificate and then the client and the server can establish an encrypted channel through which to send sensitive data. But this relies on the server on the other end having such encryption enabled.

On the other end, users can protect themselves against some kinds of MITM attacks by never connecting to open WiFi routers or by employing a browser plug-in such as HTTPS Everywhere or ForceTLS that always establishes a secure connection whenever the option is available.

However, each of these defenses has limitations and there have been demonstrations of practical attacks such as SSLStrip or SSLSniff that can negate the security of SSL connections.
Tags:
MITM information leaks
Source:
Kaspersky Daily
2925
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015