
How to Prevent Man-in-the-Middle Attacks

In computer security, a man-in-the-middle (MitM) attack takes place when a cyber criminal intercepts, and often alters, the data being sent back and forth between two parties who believe they are exchanging information privately.

Here's a real-life example. Let's assume that John, who is on a break, chats with his wife Jane using a popular messaging app. John knows a thing or two about hackers, so he asks Jane to purchase a gift for his mom's birthday. He doesn't want to make the purchase himself, thinking that since he is using an open hotspot, his online banking account details may be intercepted.

Unfortunately, Black Mamba (aka 844) sits at a table in the same crowded cafe, only 20 feet away from John. 844 has set up his own hotspot, naming it Free_CafeXYZ_Internet, and many people connect to the network he's created, without knowing that they aren't using the cafe's free Wi-Fi. The hacker runs the Kali Linux OS on his laptop. That operating system has been created with cyber security professionals in mind, but is used by lots of cyber criminals as well.

Kali Linux comes with MITMf, a "one-stop-shop for Man-In-The-Middle and network attacks", according to its developer. The program supports active packet filtering and manipulation, allowing hackers to alter any type of data packet/protocol that has been intercepted.

844 begins his mischievous activity by running a simple ipconfig command to discover the victim's IP. Then, he gets the MAC address of John's network card. Through Address Resolution Protocol (ARP) spoofing, the attacker will send spoofed messages with the goal of associating his MAC address with John's IP address. If the attempt succeeds, all the data packets which were supposed to reach John's network card will be sent to 844 instead. As soon as the attack succeeds, MITMf opens a packet sniffer, which will start to capture all the data that is sent across the network.

From now on, the messages Jane sends to John's phone reach the hacker first. This is the first phase of the MitM attack: 844 can read the information, modify it, and then forward it to its final destination. Because the attack is carried out at a low level of the network stack, most users won't notice anything.
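The ARP spoofing step above has a defender-side counterpart: because every host on the LAN sees the spoofed replies, a passive monitor can flag them. The following is an added example for this article (it is not code from the page or from MITMf): a small detector that reads a log of observed ARP replies and reports the two symptoms a spoofing run produces, an IP address whose MAC suddenly changes and one MAC answering for several addresses. The log format (timestamp, sender IP, sender MAC) and the sample replies are constructed for the example.

```python
"""Passive ARP-spoofing detector run over a constructed log of ARP replies.

Added example for the article; not code from the page or from any tool it
mentions. The input format (timestamp, sender IP, sender MAC) is an
assumption: it is what a passive sniffer or a periodic dump of the host's
ARP cache would produce.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample. The gateway 192.168.1.1 and John's phone 192.168.1.23
# are first announced by their real cards; a third card then claims both.
SAMPLE_ARP_REPLIES: List[Tuple[str, str, str]] = [
    ("10:00:01", "192.168.1.1",  "aa:bb:cc:00:00:01"),  # gateway, legitimate
    ("10:00:02", "192.168.1.23", "aa:bb:cc:00:00:23"),  # John's phone, legitimate
    ("10:00:05", "192.168.1.1",  "DE:AD:BE:EF:08:44"),  # a different card now answers for the gateway
    ("10:00:05", "192.168.1.23", "de:ad:be:ef:08:44"),  # ... and for John's phone
    ("10:00:06", "192.168.1.40", "aa:bb:cc:00:00:40"),  # unrelated host, legitimate
]


@dataclass(frozen=True)
class Alert:
    kind: str        # "ip_mac_change" or "mac_claims_many_ips"
    subject: str     # the IP (or MAC) the alert is about
    details: tuple   # (old_mac, new_mac) or the sorted tuple of IPs claimed
    when: str        # timestamp of the reply that triggered the alert


def detect_arp_anomalies(replies: Iterable[Tuple[str, str, str]],
                         max_ips_per_mac: int = 1) -> List[Alert]:
    """Return alerts for two symptoms of ARP spoofing.

    1. An IP address that was mapped to one MAC is suddenly mapped to another.
       A legitimate DHCP reassignment looks the same, so correlate with DHCP
       logs before acting on it.
    2. One MAC answers for more IP addresses than a single host normally has
       (raise max_ips_per_mac, or allow-list, routers and multihomed hosts).
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts: List[Alert] = []

    for when, ip, mac in replies:
        mac = mac.lower()  # MACs are case-insensitive; normalize before comparing

        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(Alert("ip_mac_change", ip, (known, mac), when))
        ip_to_mac[ip] = mac  # follow the change so a flip back is reported too

        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max(before, max_ips_per_mac):
            # fire once per new address beyond the threshold, not on every reply
            alerts.append(Alert("mac_claims_many_ips", mac,
                                tuple(sorted(mac_to_ips[mac])), when))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES):
        print(f"{alert.when} {alert.kind}: {alert.subject} {alert.details}")
```

On the sample log the detector raises three alerts, all at 10:00:05: the gateway's address and John's address each change MAC, and the new MAC is then seen answering for two addresses. On a real network, feed it the output of a sniffer or periodic ARP-cache dumps, and tune `max_ips_per_mac` for routers that legitimately answer for several addresses.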

The cyber villain, claiming to be Jane, may send John a message like this: "The password doesn't work! What was it again?" We can all guess what will happen if John falls into the trap and sends his online banking password.

So, how can we prevent Man-in-the-Middle attacks? Consultants know that tight cyber security begins with proper authentication. Most Internet protocols require some data exchange (public keys, etc.) before setting up a secure connection.

Banks and corporations have been relying on public key infrastructure (PKI) and Transport Layer Security (TLS) for over 20 years now. Websites that employ TLS make use of public keys that are certified by a Certificate Authority (CA), a trusted organization which issues digital certificates vouching for those keys.

If the security certificate was issued by a CA, hasn't been revoked or changed recently, and looks the same when viewed from a pool of diverse IP addresses, then a trusted connection is set up. And if both parties can validate each other's communication, most MitM attacks will fail.
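To make those certificate checks concrete, here is an added example (not code from the article) using Python's standard-library `ssl` module. It shows a client context that performs the checks next to the weakened context many developers reach for to silence a certificate error, an audit function that tells the two apart, and a fingerprint helper for the "looks the same from diverse IPs" comparison. The fingerprints in the demo are constructed placeholders, and `fetch_leaf_fingerprint` needs network access, so it is defined but not run here.

```python
"""Audit a Python ssl.SSLContext for the settings that let a MitM succeed.

Added example for the article, not code from the page. Standard library only.
"""
import hashlib
import socket
import ssl
from typing import Dict, List


def make_hardened_context() -> ssl.SSLContext:
    """A client context that performs the checks the article describes."""
    ctx = ssl.create_default_context()   # loads the platform CA store
    ctx.verify_mode = ssl.CERT_REQUIRED   # the server must present a CA-issued certificate
    ctx.check_hostname = True             # ... issued for the name we asked for, not just any name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_weak_context() -> ssl.SSLContext:
    """The usual 'fix' for a certificate error: it also removes MitM protection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE       # any certificate, including an attacker's, is accepted
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings; an empty list means the context is acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: an attacker's certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid certificate for another site is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version permits TLS 1.0/1.1")
    return findings


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate (the value used for pinning)."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprints_agree(observations: Dict[str, str]) -> bool:
    """True when every vantage point saw the same certificate fingerprint.

    observations maps a vantage-point label to the fingerprint observed there.
    A disagreement means at least one path to the server is being tampered
    with (or the site is mid-rotation, which should be rare and short-lived).
    """
    return len(set(observations.values())) == 1


def fetch_leaf_fingerprint(host: str, port: int = 443) -> str:
    """Connect with the hardened context and return the server's fingerprint.

    Needs network access, so the offline demo below does not call it.
    """
    ctx = make_hardened_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return cert_fingerprint(tls.getpeercert(binary_form=True))


if __name__ == "__main__":
    print("hardened:", audit_context(make_hardened_context()) or "no findings")
    print("weak:", audit_context(make_weak_context()))
    # Constructed fingerprints, as three vantage points might report them.
    seen = {"home": "ab" * 32, "office": "ab" * 32, "cafe-hotspot": "cd" * 32}
    print("same certificate everywhere:", fingerprints_agree(seen))
```

The order of assignments in `make_weak_context` is not accidental: Python refuses to set `CERT_NONE` while `check_hostname` is still on, which is a hint that the two settings only protect you together. Run `audit_context` over the contexts an application actually builds (or grep for `CERT_NONE` and `check_hostname = False`) before shipping.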

Man-in-the-Middle attacks in progress can also be stopped by making use of AI-powered tamper detection mechanisms. Increased latency or response times may signal an attack, for example. Furthermore, network traffic can be analyzed to determine the likely source of the attack.

To stay safe, you should only connect to HTTPS sites (notice the "S" at the end). And it is always a bad idea to open email attachments, which may contain viruses that make your device vulnerable to cyber attacks.

Don't use public Wi-Fi. If you really need to, connect to the desired sites through a reliable Virtual Private Network (VPN). Don't trust the free VPN applications in the app stores: very few of them are 100% secure, and some of their makers built those apps for the sole purpose of gathering, and then misusing or selling, your data.
