What is MiTM attack and How it works

When you request a page, the information travels from the server to your computer via a super-highway of cables, routers and computer switches that stretch the Internet across the world. Like highway robbers of old, modern attackers knows you are vulnerable at every “junction.” These spots are where your data can be intercepted, read and even altered.

What is MiTM attack ?

A man-in-the-middle attack is a procedure that allows an attacker to interpose between you and the computer you are communicating with to read the conversation or alter it. The procedure was extremely common before the massive switch to HTTP-Secure, and it is still common nowadays, although a little more complicated to carry out.
After targeting PCs for years, the omnipresent man-in-the-middle attacks have moved on to mobiles. On account of failing to assess the impact of these attacks, consumers connect their phones to public networks to stay connected, especially when on vacation.

The biggest threat arises from the slow detection rate. Users can’t always figure out if the network they are on is legitimate or if some is listening to the traffic, whether at the airport, hotel or coffee place down the street. Our internet addiction has also driven us to use the same device for both business and pleasure, automatically exposing ourselves to risks. End-users are the biggest threat to enterprises; once connected to an unreliable network corporate data, credentials or email could be leaked.

How MiTM attacks work

When two parties start a conversation, they typically establish a connection and exchange what are called public keys – keys used to encrypt conversations before they get sent across the wires. Let’s imagine Alice and Bob chatting on the web. When Alice reaches out to Bob, she sends her public key. Bob will encrypt all the messages for Alice with her public key. Bob in turn would also send Alice his public key. When Alice gets the encrypted message from Bob, she decrypts it with her private key and reads it.

Now imagine a third person between Alice and Bob. His name is Peter. Peter intercepts Alice’s public key as it travels to Bob and substitutes it with his own public key. He also intercepts Bob’s public key and substitutes it with his own as it travels to Alice. Now both Alice and Bob encrypt information with Peter’s public key and Peter can decrypt them with his own private key. After decryption, he reads the message, maybe alters it, then encrypts it with Alice’s public key intercepted in the first step and forwards the message to Alice. He proxies all communication to and from Bob or Alice and neither of them knows he’s listening.

Rogue or unprotected Wi-Fi networks are not the only entry point a hacker can use to launch a man-in-the-middle attack. Each time you go online and use a proxy service to anonymize your IP address or circumvent the restrictions at your workplace, remember that the proxy server normally acts as a man in the middle.

Your page visits and online activity like file transfers, financial transactions or emails can be captured by criminals through a hostile proxy server. You are exposing all your information to third parties.

VPN servers should safeguard your infrastructure by keeping your connection encrypted. Compromised or rogue VPN servers also could allow third parties to steal your data but, even worse, they can reroute your traffic and use your internet connection for illegal schemes. In the absence of a secure connection, by the time you figure out you’ve installed a malicious program or website it could be too late.

How to identify them

If you’re not tech-savvy, there’s not much you can do about this. Man-in-the-middle attacks are very difficult to detect, so prevention is better than cure.

If you’re on vacation and your phone automatically connects to a network, you could fall victim to a MitM attack. If asked to install a VPN app or accept a digital certificate, you’re on your way to a man-in-the-middle attack.  The easiest way t

Comments