
Man-in-the-Middle (MITM) Attack

Web application security is a major concern for every business regardless of size or industry. One method hackers use to intrude on what is assumed to be private digital communication between individuals is the man-in-the-middle attack (MITM).

Like the party line phones of days gone by, a MITM attack puts an unauthorized intruder between two parties, listening in to an exchange of subject matter that may contain private discussions, email addresses, bank accounts, or other sensitive information.

What is a Man-in-the-Middle Attack?

A man in the middle attack takes place when the perpetrator intercepts communication between two parties, often altering the exchange by inserting their own content. The intent is to make the responses appear to come from the other participant while the messages are actually generated by the attacker.

MITM attacks are essentially electronic eavesdropping between individuals or systems. Of course, a successful man in the middle attack can only be completed if the attacker is effectively responding to both the sender and receiver such that they are convinced the information exchanged is legitimate and secure.

Even in cases where the parties eventually notice that the responses do not seem relevant or sensible for the other party and discontinue the exchange, it may be too late if confidential information such as bank account details or passwords has already been provided.

Man in the Middle Attack Example

There are various types of MITM attacks, used with different intent:

Personal MITM Attack

A malicious hacker sitting in a coffee shop and using public WiFi intercepts an exchange between two parties who are starting a financial transaction such as a balance transfer. By inserting themselves into the conversation between these participants, the perpetrator intercepts the request for an account number and receives the response.

The perpetrator then sends their own account number to the requestor and asks the source party for the password. By substituting their own information, or false values, for the legitimate ones, they obtain the actual information from both parties and can make balance transfers to their own account.

Phony Access Point Attack

With the popularity of WiFi networks, unscrupulous MITM hackers are known to set up “rogue” access points near reputable stores or restaurants that offer public WiFi. 

When unsuspecting users search for available WiFi networks, they see the rogue network with a similar (but phony) name and log onto it, which is the hacker’s access point or mobile hotspot. The attacker can then intercept all activity taking place during that session.

Business MITM Attack

Through intercepting an exchange between a computer session and server, the man in the middle attack can observe and steal account and password information easily, using those values for penetrating business applications or logins to financial institutions.

Transactions that are susceptible to MITM attacks include:

  • Private person-to-person communications that individuals assume are secure
  • Login and authentication to financial institutions
  • Login activity on other profitable websites such as e-commerce stores

Man in the middle attackers utilize a variety of approaches in connecting to victims for their unscrupulous efforts:

  • IP spoofing to fool users into thinking they’re interacting with a different person or website
  • HTTPS spoofing that makes users think they’re on a secure site – but they’re really connected to an imposter site
  • SSL hijacking where the thief intercepts activity to the secure server and reroutes it to their computer
  • Stealing browser cookies to capture secure information stored there

While there are additional methods, creative hackers are constantly seeking new ways to exploit websites and computer vulnerabilities.

How to Prevent Man in the Middle Attacks?

MITM attacks can be prevented by utilizing software tools and taking the proper precautions.

  • Never use public WiFi for website activity that is intended to be secure
  • Use a secure VPN to eliminate MITM exposure by ensuring that all information is encrypted and cannot be viewed
  • For home WiFi, never retain the default login/password values provided by the vendor; hackers know all the defaults for leading router manufacturers and will try those values first when attempting to hack your home network
  • Never click links or open attachments in unexpected or suspicious emails
  • Scrutinize emails that appear to be from financial institutions you already do business with
  • For businesses, implement multi-factor authentication to make MITM attacks extremely difficult and success unlikely

How to Detect Man in the Middle Attacks?

In many cases, MITM attacks can be detected through awareness:

  • Secure sites will always include the HTTPS designation (an exception would be if the MITM attacker has spoofed that address).
  • When connecting via WiFi, pay close attention to the network name and ensure it makes sense for your location
  • Click on the address bar lock symbol to identify the security certificate that’s in use and that the name and network make sense 
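What the lock symbol does for a person, certificate verification does for software: a client that checks the server's certificate chain and hostname will refuse a connection to an imposter, while a client that has switched those checks off (a common shortcut to silence certificate errors) accepts an interposed certificate without complaint. The code below is an added example, not code from the original article or from Snyk; it shows the weak client configuration beside the correct one, using only Python's standard ssl module, and the optional connection helper needs network access and is not exercised offline.

```python
import socket
import ssl
from typing import List


def make_client_context(verify: bool = True) -> ssl.SSLContext:
    """Build a TLS client context.

    verify=True  : the correct configuration (system CA store, chain and hostname checked).
    verify=False : reproduces the 'ignore certificate errors' shortcut that lets a
                   man-in-the-middle's certificate pass silently.
    """
    ctx = ssl.create_default_context()          # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not verify:
        ctx.check_hostname = False              # must be cleared before verify_mode
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings for settings that would let an interposed certificate be accepted."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate, "
                        "including an attacker's, is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname disabled: a valid certificate for a "
                        "different name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 permitted")
    return findings


def peer_certificate_subject(host: str, port: int = 443) -> dict:
    """Open a verified connection and return the peer certificate's subject fields.

    Requires network access (not run in the offline test). With the verified
    context a mismatched or untrusted certificate raises ssl.SSLCertVerificationError
    instead of being silently accepted.
    """
    ctx = make_client_context(verify=True)
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    # getpeercert() returns the subject as a tuple of relative distinguished names
    return {k: v for rdn in cert["subject"] for k, v in rdn}


if __name__ == "__main__":
    print("hardened:", audit_client_context(make_client_context()) or ["no findings"])
    print("weak:", audit_client_context(make_client_context(verify=False)))
```

The order of the two assignments in the weak branch matters: Python refuses to set verify_mode to CERT_NONE while check_hostname is still enabled, so code that disables verification has to switch off hostname checking first, which is exactly the pair of settings the audit flags.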

How Common are Man in the Middle Attacks?

MITM attacks are not as common as the more prevalent phishing or ransomware attacks, but estimates indicate that as much as 35% of attacks in 2019 were related to attempts at exploitation through MITM attacks.

July 7, 2020 | By Liran Tal