What Is A MITM Attack?

Date First Published: 27th June 2022

Topic: Cybersecurity

Subtopic: Threats To Systems, Data & Information

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 6/10

Learn more about what a MITM attack is in this article.

Stands for a man-in-the-middle attack. A MITM attack is a type of cyberattack where an attacker intercepts communications between the user and server and positions themselves in between the two parties transferring data. This allows the attacker to eavesdrop in order to steal sensitive information, such as passwords and card numbers, and modify information in the communications. For example, connecting to an unencrypted Wi-Fi network will make it easy for an attacker to perform a MITM attack.

Note: Man-in-the-browser (MITB) attacks occur when attackers focus on browser infection and inject malicious proxy malware onto the victim's device.

Example Of A MITM Attack

MITM attacks work by attackers inserting themselves in the middle of data communications. Attackers usually install a packet sniffer to identify insecure network traffic, such as an HTTP-based website. Once the user logs into the insecure website, this allows the attacker to retrieve the user's information and redirect them to a fake page to capture their details. An example of a MITM attack is:

  1. Two users are communicating with each other over a network. However, an attacker wants to intercept the data transmission process to eavesdrop and deliver a false message to the receiver.
  2. First, the sender asks the receiver for their public key. If the receiver sends their public key to the sender but the attacker intercepts it, a MITM attack can start.
  3. Once the MITM attack starts, the attacker sends the sender a fake message that appears to come from the receiver but actually contains the attacker's public key.
  4. The sender, believing the public key is the receiver's, encrypts the message with the attacker's key and sends the enciphered message on to the receiver.
  5. The attacker intercepts the message again and deciphers it with their own private key. They can alter the message if they want to, and then re-encipher it using the receiver's real public key, which they intercepted when the receiver originally sent it to the sender. When the receiver receives the newly enciphered message, they believe it came from the sender rather than the attacker, and the sender believes they had a secure communication with the receiver when it was actually with the attacker.
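The five steps above, played out in code as an added example that is not part of the original article. It uses textbook RSA on the Mersenne primes 2^31-1, 2^61-1, 2^89-1 and 2^107-1 as constructed toy keys (no padding, not a usable cipher) purely so the key substitution is visible, and a SHA-256 fingerprint of the receiver's key stands in for what a certificate authority or an out-of-band pin gives the sender. The names Alice, Bob and Mallory, the message text and the functions run_exchange and fingerprint are assumptions of the example.

```python
"""Added example: the unauthenticated public-key exchange from steps 2-5,
then the same exchange with the receiver's key fingerprint checked.
Textbook RSA on small Mersenne primes (constructed toy keys, no padding)
is used only to make the key substitution visible."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class KeyPair:
    pub: PublicKey
    d: int  # private exponent; the holder never sends this


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Textbook RSA key generation from two primes (toy sizes, example only)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(PublicKey(p * q, e), pow(e, -1, phi))  # modular inverse, Python 3.8+


def encrypt(pub: PublicKey, m: int) -> int:
    if not 0 <= m < pub.n:
        raise ValueError("message too long for this toy key")
    return pow(m, pub.e, pub.n)


def decrypt(kp: KeyPair, c: int) -> int:
    return pow(c, kp.d, kp.pub.n)


def fingerprint(pub: PublicKey) -> str:
    """Short SHA-256 digest of a public key; stands in for a CA-signed identity."""
    return hashlib.sha256(f"{pub.n}:{pub.e}".encode()).hexdigest()[:16]


def int_from(msg: bytes) -> int:
    return int.from_bytes(msg, "big")


def bytes_from(m: int) -> bytes:
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Constructed toy keys: 2^31-1, 2^61-1, 2^89-1 and 2^107-1 are Mersenne primes.
bob = make_keypair((1 << 31) - 1, (1 << 61) - 1)       # the receiver
mallory = make_keypair((1 << 89) - 1, (1 << 107) - 1)  # the attacker in the middle


def run_exchange(verify_fingerprint: bool) -> dict:
    """Replay steps 2-5. With verify_fingerprint the sender compares the key it
    receives against a fingerprint learned out of band (what a CA or a pinned
    certificate provides) and refuses to continue on a mismatch."""
    bob_fp_known_to_alice = fingerprint(bob.pub)

    # Steps 2/3: Alice asks Bob for his key; Mallory intercepts the reply and
    # substitutes her own public key, which reaches Alice looking like Bob's.
    key_seen_by_alice = mallory.pub
    if verify_fingerprint and fingerprint(key_seen_by_alice) != bob_fp_known_to_alice:
        return {"detected": True, "attacker_read": None, "delivered": None}

    # Step 4: Alice encrypts to the key she believes belongs to Bob.
    c1 = encrypt(key_seen_by_alice, int_from(b"PAY 100 BOB"))

    # Step 5: Mallory decrypts with her *private* key, alters the text, and
    # re-encrypts it with Bob's real public key captured in step 2.
    plain = bytes_from(decrypt(mallory, c1))
    c2 = encrypt(bob.pub, int_from(plain.replace(b"BOB", b"EVE")))

    # Bob decrypts with his private key and sees a message that looks like Alice's.
    return {"detected": False, "attacker_read": plain, "delivered": bytes_from(decrypt(bob, c2))}


if __name__ == "__main__":
    print("no authentication:", run_exchange(verify_fingerprint=False))
    print("fingerprint checked:", run_exchange(verify_fingerprint=True))
```

Without the fingerprint check the attacker reads the original text and the receiver gets the altered one; with it, the substituted key is rejected before anything is encrypted, which is exactly the gap that certificate-based authentication closes.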

How To Prevent MITM Attacks?

Authentication helps prevent MITM attacks. Security protocols used on the internet, such as TLS, authenticate one or both parties using certificates issued by a trusted certificate authority. Once authenticated, TLS encrypts the data with a secret key that only the client and the server know. Attackers cannot read or interfere with the encrypted data without knowing the secret key. Not connecting to unsecured or unencrypted Wi-Fi networks also helps prevent MITM attacks.
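What that authentication looks like on the client side, as an added example using Python's standard ssl module (not code from the original article): a context with certificate and hostname checks switched off, which is what lets a substituted certificate through, next to a hardened context that verifies the chain against trusted CAs, checks the hostname and refuses legacy protocol versions. The function names insecure_context, hardened_context, describe_context and open_verified_connection are assumptions of this example.

```python
"""Added example: weak versus hardened TLS client contexts in the standard
ssl module. Function names are this example's own."""
import socket
import ssl
from typing import Optional


def insecure_context() -> ssl.SSLContext:
    """The settings a MITM relies on: no certificate check, no hostname check.
    Built only so the difference can be inspected side by side."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode can drop
    ctx.verify_mode = ssl.CERT_NONE  # accepts any certificate, including an attacker's
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Chain verified against trusted CAs (system store unless cafile is given),
    hostname checked, and anything below TLS 1.2 refused."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe_context(ctx: ssl.SSLContext) -> dict:
    """Summarise the properties that decide whether a MITM certificate is rejected."""
    return {
        "verifies_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


def open_verified_connection(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with the hardened context. server_hostname drives SNI and the
    hostname check; a substituted certificate raises ssl.SSLCertVerificationError
    instead of silently connecting. Needs network access, so not run here."""
    ctx = hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {"version": tls.version(), "subject": cert.get("subject")}


if __name__ == "__main__":
    print("insecure:", describe_context(insecure_context()))
    print("hardened:", describe_context(hardened_context()))
```

The insecure context is the shape that code review should flag: once verify_mode is CERT_NONE, the certificate authority in the paragraph above plays no part in the connection at all.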

Types Of MITM Attacks

In order for attackers to steal sensitive information, MITM attacks can be performed in all sorts of ways. These include:

  • DNS spoofing - When an attacker places false information in the DNS resolver cache so that traffic is redirected to a fake website, often designed to capture login credentials.
  • SSL hijacking - When an attacker uses another computer, placed between a secure server and the end user's computer, to intercept all information travelling between them. This allows an attacker to capture encrypted data.
  • Wi-Fi eavesdropping - When an attacker tricks a user into connecting to a malicious Wi-Fi network. Attackers accomplish this by setting up Wi-Fi connections with names very similar to nearby networks.
  • Session hijacking - When an attacker steals personal data and passwords stored inside the cookies of a user's browsing session.
  • Internet Protocol (IP) spoofing - When an attacker modifies the source IP address of a website, email address, or device to hide its identity. This tricks users into believing that they are communicating with the real source when they are not; instead, the information they share goes to the attacker.
  • HTTP spoofing - When a browser session is redirected to an unsecured or HTTP-based website without the user’s permission, allowing an attacker to monitor communications and steal sensitive information through this redirection.
  • ARP spoofing - When an attacker sends false ARP messages over a LAN so that the attacker's MAC address becomes linked to the IP address of a legitimate device on the network. Once the attacker's MAC address is linked to the real IP address, the attacker starts to receive any data intended for that IP address.
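A small detector for the ARP spoofing pattern in the last bullet, added here as an example and not taken from the article: it reads tcpdump-style ARP reply lines (the sample below is constructed), keeps the first MAC seen for each IP or a trusted baseline such as the gateway's known MAC, and raises an alert when an IP's MAC changes or when one MAC starts answering for several IPs. The line format, addresses, and the functions parse_arp_replies and detect_arp_spoofing are assumptions of this example.

```python
"""Added example: flag ARP replies that re-map a known IP to a new MAC or
that show one MAC claiming several IPs. Sample lines are constructed in a
tcpdump-like format; the format and names are this example's own."""
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)

# Constructed capture: the gateway .1 is answered for by a second MAC at
# 10:00:05, and that same MAC then also answers for host .20.
SAMPLE_LINES = [
    "2022-06-27T10:00:01 arp reply 192.168.1.1 is-at aa:bb:cc:dd:ee:01",
    "2022-06-27T10:00:02 arp reply 192.168.1.20 is-at aa:bb:cc:dd:ee:20",
    "2022-06-27T10:00:05 arp reply 192.168.1.1 is-at de:ad:be:ef:00:99",
    "2022-06-27T10:00:05 arp reply 192.168.1.20 is-at de:ad:be:ef:00:99",
    "2022-06-27T10:00:06 ip 192.168.1.20.51234 > 192.168.1.1.443: Flags [S]",  # not ARP, ignored
]

# Constructed baseline: the gateway's real MAC, as an operator would record it.
TRUSTED = {"192.168.1.1": "aa:bb:cc:dd:ee:01"}


def parse_arp_replies(lines):
    """Return (timestamp, ip, mac) for every line that is an ARP reply."""
    replies = []
    for line in lines:
        m = ARP_REPLY.match(line.strip())
        if m:
            replies.append((m["ts"], m["ip"], m["mac"].lower()))
    return replies


def detect_arp_spoofing(replies, trusted=None):
    """Two checks: an IP whose MAC differs from the baseline/first-seen MAC,
    and a MAC that answers for more than one IP. The baseline entry is kept
    after an alert so a flapping attacker keeps alerting rather than being
    adopted as the new truth."""
    expected_mac = dict(trusted or {})
    ips_by_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        ips_by_mac[mac].add(ip)
        known = expected_mac.get(ip)
        if known is None:
            expected_mac[ip] = mac
        elif known != mac:
            alerts.append({"time": ts, "type": "ip_mac_changed",
                           "ip": ip, "old": known, "new": mac})
        if len(ips_by_mac[mac]) > 1:
            alerts.append({"time": ts, "type": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(ips_by_mac[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_arp_replies(SAMPLE_LINES), TRUSTED):
        print(alert)
```

The multiple-IP check needs an allow-list in practice, since a router or a host with several addresses legitimately answers for more than one IP; the baseline check is the one that catches the gateway impersonation the bullet describes.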
