What is a man-in-the-middle (MITM) attack?

A man-in-the-middle attack is when a hacker inserts himself between two victims in communication and starts listening in on their data conversations, impersonating them, and gaining personal information. A hacker targets real-time conversations such as bank transactions of message transfers. A hacker intercepts data and sends and receives fabricated data without either victim knowing.

svg viewer

In the image shown above, the attacker inserts themselves within the communication between Alex and Bob by gaining access to the poorly secured WiFi network. They can achieve this by accessing open WiFi networks or those encrypted with poorly used passwords and old encryption modes.

As a part of the network, the hacker can look at all the data transferred between Alex and Bob. The messages to Alex are sent to Eve, Eve sends her fabricated messages to Bob, and vice versa.

This method can help gain access to the keys of both Alex and Bob if they share their keys via an unencrypted method. However, this is not the only type of man-in-the-middle attack.

Types of MITM Attacks

WiFi eavesdropping:

As described above, hackers attempt to gain access to private networks by breaking the security put in place by the WiFi router. The hacker can then look at all the communication taking place between users on that network.

Cookie hijacking:

The hacker steals the cookie Id of users and uses it to authenticate a website. Cookies store personal website data on a computer. This cookie authenticates a user so that the next time they access the site, the same credentials won’t have to be entered in again. By stealing cookies, the hacker can authenticate themselves into the browser as the victim.

IP spoofing:

A hacker impersonates an IP and tricks the victim into believing they are talking to someone else. This spoofing allows the hacker to gain access to information from the victim that they wouldn’t usually share.

DNS Spoofing: The hacker claims to be a domain name server and tries to redirect traffic from legitimate websites to bogus websites created by the hacker.

HTTPS Spoofing: The hacker redirects traffic to a fabricated page that has the correct HTTPS certificates. HTTPS makes the victim feel safe; so, they will share their credentials and information on that webpage.

Prevention

  • Ensure HTTPS is in the URL.
  • Look at the URL for spelling discrepancies and changed webpage layout.
  • Be wary of spam and phishing emails that install malware and redirect users to fake websites.
  • Always send encrypted data to avoid packet sniffing.
  • Be sure to encrypt your network with the most secure encryption schemes available (e.g., WPA2).
  • Never connect to public WiFi networks directly – use VPN to safely transmit data.
Copyright ©2024 Educative, Inc. All rights reserved