Man in the Middle Attack
What is it?
This type of attack happens when a malicious actor inserts themselves between you and the other systems or network you are communicating with.
Analogy
- Passive strategy – John and you are in a coffee shop having a conversation and the person in the booth behind you is listening in on your conversation.
- Active strategy – John speaks another language and you use a translator to relay what you are trying to say. Then, the translator manipulates the conversation by introducing fake information into the conversation between you and John. The purpose could be to change your perception of John in a negative way or to extract information by making it sound like the request is coming from John.
How can it happen?
The most common way for a “Man in the Middle” attack to happen is on a public wifi access point. The malicious actor creates a hotspot or access point that uses a well-known location’s name (Hyatt, Starbucks, LaFitness, etc.) and has a stronger signal than the real access point. Then, when your system connects to it, the first hop for all your data is through the attacker’s system, which eventually routes it to your requested internet location.
Why should I care?
- Fake website credential entry forms can be used to steal your accounts’ usernames and passwords
- Unencrypted traffic can be read by the attacker
- Encrypted traffic can be stored for offline decryption using stolen keys
- Encryption keys can be stored offline
- Your session key can be used to make the other system think your conversation is still happening after you disconnect
- Fake data can be introduced in the conversation between your system and the system you are communicating with
How can I protect myself?
- If you have to use a public internet access point, use a VPN
- Turn WiFi off on your mobile device when not in use
- Use your own mobile phone hotspot instead of the free wifi
- Do not select/check “Connect Automatically” on public wifi connections
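
A check you can run before joining a network, added here as an example and not part of the original article: it looks for the look-alike access point described under "How can it happen?" by comparing every access point that advertises the same name. It assumes scan output in the terse format of `nmcli`; the function names, the `allowlist` parameter and the sample scan are hypothetical and constructed for illustration. Several access points sharing one name is normal in large venues, so these are heuristics, not proof.

```python
import re
from collections import defaultdict

# Constructed sample in the terse format of
# `nmcli -t -f SSID,BSSID,SIGNAL,SECURITY device wifi list` (BSSID colons are backslash-escaped).
SAMPLE_SCAN = r"""
Starbucks:AA\:BB\:CC\:00\:00\:01:62:WPA2
Starbucks:AA\:BB\:CC\:00\:00\:02:55:WPA2
Starbucks:DE\:AD\:BE\:EF\:00\:99:91:
Hyatt:AA\:BB\:DD\:00\:00\:10:70:WPA2
"""

def parse_scan(text):
    """Return (ssid, bssid, signal, security) tuples from terse scan output."""
    rows = []
    for line in text.strip().splitlines():
        # Split only on colons that are not escaped with a backslash.
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 4 or not fields[0] or not fields[2].isdigit():
            continue  # malformed line or hidden (empty) SSID
        ssid, bssid, signal, security = fields
        rows.append((ssid, bssid.upper(), int(signal), security.strip("- ") or "OPEN"))
    return rows

def find_suspect_aps(rows, allowlist=None):
    """Flag APs that differ from same-name APs; allowlist (hypothetical) is {ssid: genuine BSSIDs}."""
    by_ssid = defaultdict(list)
    for row in rows:
        by_ssid[row[0]].append(row)
    findings = []
    for ssid, aps in by_ssid.items():
        mixed_security = len({ap[3] for ap in aps}) > 1
        strongest = max(aps, key=lambda ap: ap[2])
        known = {b.upper() for b in (allowlist or {}).get(ssid, ())}
        for ap in aps:
            reasons = []
            if mixed_security and ap[3] == "OPEN":
                reasons.append("open while same-name APs are encrypted")
            if known and ap[1] not in known:
                reasons.append("BSSID not on allowlist")
                if ap is strongest:
                    reasons.append("strongest signal for this name")
            if reasons:
                findings.append((ssid, ap[1], reasons))
    return findings

if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(parse_scan(SAMPLE_SCAN)):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
```

A flagged entry is a reason to avoid that network or confirm it with the venue, not a confirmed attack.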