How the Man-in-the-Middle (MITM) attack is making the internet vulnerable
Sathish Balakrishnan
Senior Vice President | Global Delivery Head | Digital Services | SaaS | Customer experience(CX) | Cloud Transformation | AI Strategy Advocate | MBA | DXMVP
As the internet becomes a part of everyday life, threats and vulnerabilities are increasing exponentially. Attackers use different methods to exploit systems and gain access to our data. The Man-in-the-Middle attack is one such technique commonly used to gain control over your data and devices. Let's look at MITM in detail, with examples, the various techniques that are used, and how we can protect ourselves against these attacks.
What is a Man-in-the-Middle (MITM) attack?
MITM is a common type of eavesdropping attack in which the attacker intercepts the conversation between two parties (mostly a user and an application) to steal personal information such as credentials, SSNs, credit card numbers, and account details. The gathered information is used for identity theft, for sale on dark-web markets, or for gaining access to your accounts.
In a simple analogy, MITM is similar to your mailman opening your bank statement, noting down your account details, resealing the envelope, and dropping it in your mailbox. Neither the bank nor you have any idea that your information has been compromised.
A typical MITM scenario is an attacker scanning network traffic for vulnerabilities using packet sniffers; when they find a user on the vulnerable network, they mimic the responses or intercept the requests and gain access to the personal data. For example, if you are chatting with your bank on a non-SSL (plain HTTP) platform over a public network, the attacker can gain access to the traffic and try to collect your password, SSN, and account details.
Various techniques used in MITM attacks
Sniffing: This is the process of stealing data by capturing network packets using packet analyzer software. When the network is unsecured, a packet analyzer exposes the raw data to attackers. The attackers then use this data to gain access to your personal data, often combined with other techniques such as social engineering.
Packet injection: Packet injection is a technique in which the attacker injects malicious packets into the normal communication flow. For example, when you search for something on Google, the results can be altered with scripts so that the search results include malicious links.
Session Hijacking: Most websites use sessions to store authentication tokens so they do not have to request the password on every page the user navigates to. Attackers can capture these tokens when you access the website over a public network and use them to take over your session and steal information.
SSL Stripping: HTTPS is the common way to transfer data safely on the internet; the S in HTTPS stands for secure. In an SSL stripping attack, the attacker downgrades the HTTPS request to an HTTP request, so they have access to the sensitive information, which is now transferred in plain text.
Address Resolution Protocol (ARP) Cache Poisoning: ARP maps between machine (MAC) addresses and IP addresses on the local network. Attackers can inject false ARP information and make computers think that the attacker's computer is the network gateway. Every request in that network then funnels through the attacker's computer, but from the user's perspective nothing looks different, so they continue to share confidential information with the attacker.
Wi-Fi Eavesdropping: Attackers create a Wi-Fi network with a common-looking name in a public place and trick users into connecting to it in order to steal their credentials, credit card numbers, and personal information.
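The ARP cache poisoning technique above leaves a detectable trace: the gateway's IP suddenly resolves to a different MAC, and one MAC starts claiming several IPs. The following detector is an added example written for this article, not code from the author; the ARP replies it inspects are constructed sample data, and the gateway IP and MAC are assumed values.

```python
"""Flag the ARP cache poisoning pattern described above.

A poisoner answers ARP lookups for the gateway's IP with its own MAC, so a
defender watches for two signals: the gateway IP changing MAC, and a single
MAC claiming multiple IPs. The replies below are constructed for this example.
"""
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC)
SAMPLE_ARP_REPLIES = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # real gateway announces itself
    (5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),   # ordinary host on the LAN
    (30, "192.168.1.1", "ee:ee:ee:ee:ee:99"),   # gateway IP now claimed by a new MAC
    (31, "192.168.1.20", "ee:ee:ee:ee:ee:99"),  # same MAC also claims the host's IP
]

def detect_arp_poisoning(replies, gateway_ip, known_gateway_mac):
    """Return alert strings for replies that match the poisoning pattern.

    known_gateway_mac is the trusted baseline (e.g. from a static ARP entry).
    Legitimate gateway failover can also change the MAC, so treat a GATEWAY
    alert as a trigger for investigation rather than proof of an attack.
    """
    ip_to_mac = {gateway_ip: known_gateway_mac.lower()}  # last MAC seen per IP
    mac_to_ips = defaultdict(set)                         # IPs each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            label = "GATEWAY" if ip == gateway_ip else "host"
            alerts.append(f"t={ts}: {label} {ip} changed {previous} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            claimed = ", ".join(sorted(mac_to_ips[mac]))
            alerts.append(f"t={ts}: MAC {mac} claims multiple IPs: {claimed}")
    return alerts

if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_ARP_REPLIES,
                                     "192.168.1.1", "aa:aa:aa:aa:aa:01"):
        print(line)
```

On a real network the same logic can be fed from a passive capture of ARP replies or from periodic snapshots of the host's ARP table.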
How to prevent MITM?