Protecting our data online will never be an easy task, especially these days, when attackers regularly invent new methods and exploits to steal your data. Sometimes their attacks are not very harmful to individual users, but large-scale attacks on popular websites or financial databases can be very dangerous. In most cases, attackers first try to inject malware onto a user’s computer. Sometimes this technique doesn’t work, however.
Image source: Kaspersky.
- What is a man-in-the-middle attack
- How it works
- Protection against man-in-the-middle attacks and tools
What is a man-in-the-middle attack
A popular method is the man-in-the-middle attack. It is also known as the Bucket Brigade Attack or sometimes the Janus Attack in cryptography. As the name suggests, an attacker positions himself between two parties, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
A man-in-the-middle attack can only succeed when the attacker is able to impersonate each party to the other; it is an attack on mutual authentication. Most cryptographic protocols provide some form of endpoint authentication, in particular to block MITM attacks on users. The Secure Sockets Layer (SSL) protocol authenticates one or both sides with a mutually trusted certification authority.
How it works
Let’s say there are three characters in this story: Mike, Rob, and Alex. Mike wants to chat with Rob. Meanwhile, Alex (the attacker) intercepts the conversation to eavesdrop on it and carries on a false conversation with Rob on Mike’s behalf. First, Mike asks Rob for his public key. If Rob sends his key to Mike, Alex intercepts it, and that’s how the man-in-the-middle attack begins. Alex then sends Mike a fake message that claims to come from Rob but contains Alex’s public key. Mike readily believes that the received key belongs to Rob, which is not true. Mike innocently encrypts his message with Alex’s key and sends the encrypted message back to Rob.
In the most common MITM attacks, the attacker uses a WiFi router to intercept the user’s communication. This can be done with a router that carries malware to hijack the user sessions passing through it. Here, the attacker first configures his laptop as a WiFi hotspot, choosing a name commonly used in public places like an airport or coffee shop. When a user connects to this malicious router to access websites such as online banking or commercial sites, the attacker records the user’s credentials for later use.
Protection against man-in-the-middle attacks and tools
The most effective MITM protections are found on the router or server side, where you have no special control over the security of your transaction. Instead, you can use strong encryption between the client and the server. In this case, the server authenticates itself to the client by presenting a digital certificate, and only then is the connection established.
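The certificate only protects the connection if the client actually checks it. The following is an added example, not part of the original article: it uses Python's standard `ssl` module to compare a client configuration that accepts any certificate with one that requires a certificate from a trusted authority matching the host name. The function names (`audit_tls_context`, `weak_context`, `hardened_context`, `open_verified`) are hypothetical helpers chosen for this illustration.

```python
import socket
import ssl

def audit_tls_context(ctx):
    """List the client settings that would let a man in the middle go unnoticed."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not required: any key the peer presents is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a certificate issued for another site is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

def weak_context():
    """Constructed 'before' case: encryption without authentication of the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be switched off before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # the server's certificate is never validated
    return ctx

def hardened_context():
    """'After' case: trusted CA chain and hostname match are both mandatory."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname + system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def open_verified(host, port=443, timeout=5):
    """Connect only when the handshake proves the server's identity for `host`."""
    ctx = hardened_context()
    issues = audit_tls_context(ctx)
    if issues:
        raise RuntimeError("refusing to connect: " + "; ".join(issues))
    sock = socket.create_connection((host, port), timeout=timeout)
    # Raises ssl.SSLCertVerificationError if the certificate is untrusted
    # or was issued for a different name (the substituted-key case).
    return ctx.wrap_socket(sock, server_hostname=host)

if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_tls_context(ctx) or "no findings")
```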
Another way to prevent such MITM attacks is to never connect directly to open WiFi routers. If you want, you can use a browser plugin like HTTPS Everywhere or ForceTLS. These plugins will help you establish a secure connection when the option is available.