A man-in-the-middle (MITM) attack occurs when someone sits between two computers (e.g. a laptop and a remote server) and intercepts traffic. That person can eavesdrop on, or even intercept and alter, the communications between the two machines and steal information.
Man-in-the-middle attacks are a serious security problem. Here's what you need to know and how to protect yourself.
Two's Company, Three's a Crowd
The "beauty" (for lack of a better word) of MITM attacks is that the attacker does not necessarily need access to your computer, either physically or remotely. He or she can simply sit on the same network as you and silently collect data. An attacker can even create his or her own network and trick you into using it.
The most obvious way someone can do this is by sitting on an unencrypted, public Wi-Fi network, like those at airports or cafes. An attacker can log on and, with a free tool like Wireshark, capture all the packets sent across the network. He or she could then analyze them and pick out potentially useful information.
This strategy does not bear as much fruit as it once did, thanks to the deployment of HTTPS, which provides encrypted connections to websites and services. An attacker cannot decode the encrypted data sent between two computers communicating over an HTTPS connection.
HTTPS alone is not a silver bullet, however. There are workarounds an attacker can use to get around it.
Using a MITM position, an attacker can try to trick a computer into "downgrading" its connection from encrypted to unencrypted. He or she can then inspect the traffic between the two computers.
An "SSL stripping" attack can also occur, in which the attacker sits in the middle of what should be an encrypted connection. He or she then intercepts and possibly modifies the traffic before forwarding it on to the unsuspecting victim.
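HTTP Strict Transport Security (HSTS) is the standard defence against the downgrade and SSL-stripping attacks just described: once a browser has seen the header over HTTPS, it refuses plain-HTTP connections to that host for max-age seconds. The following is an added example, not code from the original article; it parses the header and grades a site's protection, and the host names, header values and six-month threshold are all constructed.

```python
MIN_MAX_AGE = 180 * 24 * 3600  # six-month threshold; a constructed policy choice

# Constructed response headers as a browser would receive them over HTTPS.
# The host names are placeholders, not real sites.
SAMPLE_SITES = {
    "bank.example": {"Strict-Transport-Security":
                     "max-age=31536000; includeSubDomains; preload"},
    "shop.example": {"strict-transport-security": "max-age=300"},
    "blog.example": {"Content-Type": "text/html"},
    "broken.example": {"Strict-Transport-Security": "max-age=oops"},
}


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797 directive syntax).

    Directive names are case-insensitive; unknown ones are ignored, as browsers do.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, raw = directive.partition("=")
        name = name.strip().lower()
        raw = raw.strip().strip('"')
        if name == "max-age" and raw.isdigit():
            policy["max_age"] = int(raw)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_status(headers, min_max_age=MIN_MAX_AGE):
    """Grade downgrade protection: "missing", "invalid", "short" or "ok".

    "missing" means the browser will follow a plain http:// link or redirect
    to this host, which is exactly what an SSL-stripping proxy relies on.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return "missing"
    policy = parse_hsts(value)
    if policy["max_age"] is None:
        return "invalid"  # no usable max-age, so browsers ignore the header
    if policy["max_age"] < min_max_age:
        return "short"
    return "ok"
```

A first visit over plain HTTP is still unprotected unless the host is on the browser's preload list, which is why the "preload" directive matters for high-value sites.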
RELATED: It's 2020. Is public Wi-Fi still dangerous?
Network-Based Attacks and Rogue Wireless Routers
MITM attacks also occur at the network level. One method is called ARP cache poisoning, in which an attacker tries to associate his or her own MAC (hardware) address with someone else's IP address. If successful, all data intended for the victim is delivered to the attacker instead.
DNS spoofing is a similar type of attack. DNS is the "directory" of the internet: it associates human-readable domain names, such as google.com, with numeric IP addresses. By subverting this system, an attacker can redirect legitimate requests to a fake website he or she operates and then capture data or distribute malware.
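The ARP cache poisoning described two paragraphs above leaves a visible trace on the LAN: an IP address that suddenly answers from a different MAC, or one MAC claiming several IPs. The following detector is an added example, not code from the original article; the ARP replies it processes are constructed, with the third entry being a forged reply that rebinds the gateway's IP.

```python
from collections import defaultdict

# Constructed ARP replies as (sender_ip, sender_mac) in the order they were
# seen on the LAN. 192.168.1.1 is the gateway; the third entry is a forged
# reply that rebinds the gateway's IP to another station's MAC.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "aa:bb:cc:00:00:20"),
    ("192.168.1.30", "aa:bb:cc:00:00:30"),
]


class ArpWatch:
    """Track IP-to-MAC bindings seen in ARP replies and report anomalies.

    A healthy host keeps one MAC per IP; poisoning shows up as a rebinding.
    """

    def __init__(self, max_ips_per_mac=1):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.max_ips_per_mac = max_ips_per_mac

    def observe(self, ip, mac):
        """Record one reply; return alert strings (empty if nothing changed)."""
        alerts = []
        mac = mac.lower()
        known = self.ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(f"{ip} changed from {known} to {mac}")
        self.ip_to_mac[ip] = mac
        claimed = self.mac_to_ips[mac]
        before = len(claimed)
        claimed.add(ip)
        # Alert only when the set grows, so a repeated reply does not re-fire.
        if len(claimed) > before and len(claimed) > self.max_ips_per_mac:
            alerts.append(f"{mac} now claims {sorted(claimed)}")
        return alerts


def scan(replies, max_ips_per_mac=1):
    """Feed every reply through ArpWatch and collect all alerts in order."""
    watch = ArpWatch(max_ips_per_mac)
    alerts = []
    for ip, mac in replies:
        alerts.extend(watch.observe(ip, mac))
    return alerts
```

On a real network, `max_ips_per_mac` should allow for legitimate multi-homed hosts such as virtualisation hosts and routers, so tune it against a baseline before alerting on it.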
Another approach is to create a rogue access point, or to place a computer between the end user and the router or remote server.
Overwhelmingly, people are far too trusting when it comes to connecting to public Wi-Fi hotspots. They see the words "free Wi-Fi" and do not stop to wonder whether a malicious hacker could be behind it. This has been demonstrated repeatedly, to comic effect, when people fail to read the terms of some hotspots. For example, some have required users to clean dirty festival latrines or to give up their first-born child.
Creating a fake access point is easier than it sounds. There are even physical hardware products that make it incredibly easy. However, these are intended for legitimate information security professionals who perform penetration tests for a living.
Let's not forget that routers are computers that tend to have poor security. The same default passwords are used and reused across whole product lines, and they also have spotty access to updates. Another possible avenue of attack is a router injected with malicious code that allows a third party to perform a MITM attack remotely.
Malware and Man-in-the-Middle Attacks
As we mentioned earlier, it is entirely possible for an adversary to perform a MITM attack without being in the same room or even on the same continent. One way to do this is with malware.
A man-in-the-browser (MITB) attack occurs when a web browser is infected with malicious software. This is sometimes done via a fake browser extension, which gives the attacker almost unfettered access.
For example, someone could manipulate a web page to show something different from the genuine site. He or she could also hijack active sessions on websites such as banking or social media sites and spread spam or steal funds.
One example of this was the SpyEye Trojan, which was used as a keylogger to steal website credentials. It could also populate forms with new fields, allowing the attacker to capture even more personal information.
How to protect yourself
Fortunately, there are ways to protect yourself from these attacks. As with all online security, it comes down to constant vigilance. Try not to use public Wi-Fi hotspots. Try to use only a network you control yourself, such as a mobile hotspot or MiFi device.
If that is not possible, a VPN will encrypt all traffic between your computer and the outside world, protecting you from MITM attacks. Of course, here your security is only as good as the VPN provider you use, so choose carefully. Sometimes it is worth paying a little extra for a service you can trust. If your employer offers you a VPN when you travel, you should definitely use it.
To protect yourself from malware-based MITM attacks (such as the man-in-the-browser variety), practice good security hygiene. Do not install applications or browser extensions from sketchy sources. Log out of website sessions when you are finished with what you are doing, and install a solid antivirus program.
RELATED: Basic data security: How to protect yourself against viruses, hackers and thieves