March 23, 2019 at 11:53 #2303
A MitM (man-in-the-middle) attack is when an invader intercepts communication between two components, either to listen in secret or to modify the traffic flowing between the two parties. Attackers can use man-in-the-middle attacks to snip the persons’ login credentials or essential vital personal information, infiltrate on the victim or disrupt corrupt communications or data.
Although one can protect against MitM attacks through encryption, active attackers will divert traffic to intended phishing web sites designed to appear legitimate or pass traffic to their desired destination once it has been collected or registered, which means that the uncovering of such MitM attacks is exceptionally tricky.
How do they work?
MitM attacks probably the first-born forms of cyber-attack. Various computer experts and scientists have been looking for ways to avert threat agents from altering or listening to communications channel since the start of the 1980s.
The attacks comprise of placing between the two-party connection and manipulating or observing traffic. It could be done by interfering with authentic networks or forming corrupt systems that have control of the attacker. The compromised traffic route is then exposed to any encryption to steal it, change it or re-direct it to the destination chosen by the attacker. Because attackers can silently observe or re-encrypt captured traffic to the planned source once it is registered or diluted, it can be a severe attack to detect.
MitM attacks encompass a wide range of practices, techniques and probable results according to its objective. One example is the SSL attack. Here, the attackers launch an HTTPS connection among the server and themselves with an insecure HTTP connection. The information is then sent without encryption and in plain text.
There are some other examples including the Evil Twin attack, which is a reflection of valid Wi-Fi hotspots but are adequately controlled by malevolent people, who has the ability to collect, monitor, or operate all information sent by the user.
Particularly in the banking sector, an attacker can sense when a requester is making a transaction and change the required destination bank account number to a bogus account, which would look like the destination account for the amount that is sent. Threat players could use MitM attacks to collect login credential or personal information. If the attacker senses that baking apps are being updated or downloaded, they can send counterfeit upgrades that deploy the malware instead of genuine ones. The EvilGrade exploit kit was explicitly designed to attack poorly protected updates. Mobile devices are predominantly vulnerable to such un-protected scenario.
While these physical or Wi-Fi network attacks often require a certain level of proximity to the victim or the target network, the attackers can also compromise the routing protocols remotely. While attacks are carried out through wired or Wi-Fi networks, MitM attack can be performed with fake mobile phone towers. It has been observed that law enforcement utilities in the United States, the United Kingdom, and Canada use phony cell phone towers to collect information.
Various Researcher studies including research from at the ETH Zurich, Technical University of Berlin, and others found various flaws in the AKA (authentication and key agreement) protocols mostly used in mobile 3G and 4G technologies and intended to be used in next-generation 5G technology implementations, which could lead attackers to perform MitM attacks.
The frequency of MitM attacks?
Although not as regular as phishing attacks or ransomware, MitM is a threat that is always present for organizations. The IBM X-Force Threat Intelligence Index 2018 report said that 35% of exploitative action involved attackers trying to perform MitM attacks. The specific figures though are hard to obtain.
The increased adoption of secure HTTPS and the number of warnings in the browser have decreased the possible occurrence of MitM attacks. The Electronic Frontier Foundation stated in 2017 that half of all Internet traffic is now secured and encrypted. Google in its own research found that more than 90% of traffic is now encrypted in some countries.
Prevention of MitM attacks
Although MitM flaws are sporadically revealed, TLS encryption protocols are the best possible way to counter MitM attacks. For user safety, it is advisable not to use open Wi-Fi or public Wi-Fi in public places, as they are easier to falsify than smartphone connections. Wherever possible use Virtual Private Network to ensure safe and secure connections.
Quantum cryptography has the potential to provide reliable protection against MitM attacks If it grows into the commercially available technique shortly. With quantum cryptography, it is tough to replicate quantum information as the technology provides a robust indicator if there is a violation in the traffic.
Is the IoT the next in the line?
Various market researchers and analysts forecast that connected devices linked to the Internet could multiply in billions over the next five to ten years. The lack of safety and common standards in many of these IoT devices mean that growth in the Internet of Things could bring an increase in MitM attack.
Recent research by the OpenSky and Ponemon Institute revealed that 61% of security professionals in the United States say they find it difficult to control the spread of IoT connected devices within their enterprises, while 60% say they cannot avoid security vulnerabilities and data violations related to IoT.
What do you think, do let us know with your comments?March 23, 2019 at 17:34 #2319
I have always looked at people who put stickers to cover there web cams as an extra paranoid people until I have realized that people can actually get access to your web cam and mic to hear and and see what you do.
great article keep raising the awareness!
May 7, 2019 at 11:50 #2984
- This reply was modified 7 months, 3 weeks ago by ta89.
It’s been featured on our medium: https://medium.com/@cybersecurecentral/mitm-attacks-how-they-work-and-how-to-prevent-them-from-our-forums-8f9267c6a293May 13, 2019 at 15:25 #3083
Its always good to be extra safe when it comes to internet. MitM is not a new thing but it became a huge thing now days.
Sometimes People login into a random Wi-Fi hotspots without really thinking much about it or clicking on links from emails they don’t know and some people don’t understand the danger of it. We have to think more than twice about it, this kind of attacks can make you lose your money, what’s worse is people losing their trust on you.
getting your info leaked or used by a stranger, spying on your daily life, and knowing all the information about your life style and maybe your secrets and that can be used against you.