What Is a Man-in-the-Middle Attack?
Man-in-the-middle (MITM) attacks were around long before computers. This type of attack involves an attacker inserting themselves between two parties who believe they are communicating directly with each other. At their simplest, man-in-the-middle attacks are eavesdropping attacks.
To better understand how a man-in-the-middle attack works, consider the following two examples.
Offline Man-in-the-Middle Attack
An offline MITM attack sounds basic but is still used worldwide.
For example, someone intercepts your post, reads it, repackages it, and then sends it to you or your original recipient. Then, the same happens in reverse when the person responds to you, with the man-in-the-middle intercepting and reading your mail in each direction.
Properly performed, you won’t know there is a MITM attack taking place as the interception and data theft are invisible to you.
Taking over a communication channel between two participants is at the core of a man-in-the-middle attack.
It also opens up other avenues of deception for the attacker. If the attacker controls the means of communication, they could modify the messages in transit. In our example, someone is intercepting and reading the mail. The same person could modify your message’s content to ask something specific or make a request as part of their attack.
As the MITM controls your communication, they can then remove any later references to the question or the request, leaving you none the wiser.
Online Man-in-the-Middle Attack
An online man-in-the-middle attack works much in the same way, albeit with computers or other digital hardware in place of the old snail mail.
One MITM attack variant revolves around you connecting to the free public Wi-Fi in a café. Once connected, you attempt to connect to your bank’s website.
For the sake of our example, you then encounter a certificate error: your browser warns that the certificate presented for the bank’s website cannot be verified. This is your signal that something is wrong, either with the bank website’s configuration or because a MITM attack is underway.
Website security certificates help make the web more secure and safer for online transactions.
However, many people simply click through this error message and access the banking website regardless. You sign into the banking portal, send some money, pay some bills, and everything seems fine.
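The certificate error in the café scenario comes from two checks a browser performs before trusting a site: does the certificate chain to a root the browser already trusts, and is it valid for the hostname in the address bar? The script below is an added example, not code from the original article; it assumes the `openssl` command-line tool is installed and uses a throwaway CA, a constructed hostname (bank.example) and constructed key material to show a legitimate certificate passing both checks and an impostor certificate for the same name failing the first one.

```shell
#!/bin/sh
# Added example, not from the original article. It rebuilds the two checks a
# browser performs before trusting a site's certificate (chain to a trusted
# root, and hostname match) using a throwaway CA. The hostnames, the CA name
# and all key material below are constructed for the demo.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. A private root CA standing in for the roots shipped in a browser's trust store.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
  -subj "/CN=Example Root CA" -days 1 2>/dev/null

# 2. The bank's legitimate certificate: issued for bank.example and signed by the CA.
openssl req -newkey rsa:2048 -nodes -keyout bank.key -out bank.csr \
  -subj "/CN=bank.example" 2>/dev/null
printf 'subjectAltName=DNS:bank.example\n' > san.cnf
openssl x509 -req -in bank.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
  -extfile san.cnf -out bank.pem -days 1 2>/dev/null

# 3. What an interceptor can present: a certificate that also claims bank.example
#    but is signed by nobody in the trust store (here it is simply self-signed).
openssl req -x509 -newkey rsa:2048 -nodes -keyout mitm.key -out mitm.pem \
  -subj "/CN=bank.example" -addext "subjectAltName=DNS:bank.example" \
  -days 1 2>/dev/null

# verify_for_host CERT HOST: exit 0 only if CERT chains to the trusted CA
# *and* is valid for HOST. This is the decision behind the browser's warning.
verify_for_host() {
  openssl verify -CAfile ca.pem -verify_hostname "$2" "$1" >/dev/null 2>&1
}

# Stand-alone run: print the verdict for each certificate.
for cert in bank.pem mitm.pem; do
  if verify_for_host "$cert" bank.example; then
    echo "$cert: trusted for bank.example"
  else
    echo "$cert: REJECTED for bank.example (this is the certificate error)"
  fi
done
# A genuine certificate presented for the wrong name is rejected as well:
if verify_for_host bank.pem other.example; then
  echo "bank.pem: trusted for other.example"
else
  echo "bank.pem: REJECTED for other.example (hostname mismatch)"
fi
```

In a real browser the `-CAfile` is replaced by the operating system’s or browser’s root store, but the decision is the same: an interceptor who does not hold a certificate issued by a trusted CA for the bank’s name cannot pass `verify_for_host`, which is exactly why clicking through the warning hands them the session.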
Types of Man-in-the-Middle Attacks
There are several different types of MITM attack:
- Wi-Fi Spoofing: An attacker can create a fake Wi-Fi access point with the same name as a local free Wi-Fi option. For example, in a café, the attacker might mimic the Wi-Fi name or create a fake option named “Guest Wi-Fi” or similar. Once you connect to the rogue access point, the attacker can monitor your online activity.
- HTTPS Spoofing: The attacker tricks your browser into believing you’re using a trusted website, redirecting your traffic to an insecure website instead. When you enter your credentials, the attacker steals them.
- SSL Hijacking: When you attempt to connect to an insecure HTTP site, the site normally redirects your browser to its secure HTTPS version. However, an attacker in the middle can hijack that redirect, keeping your connection on their own server instead and stealing your data and any credentials you enter.
- DNS Spoofing: The Domain Name System helps you navigate the internet, translating the human-readable domain names in your address bar into the IP addresses computers use. A DNS spoof returns a false answer, so your browser connects to an address under the attacker’s control instead of the real site.
- Email Hijacking: If an attacker gains access to the mailbox, or even an email server, of a trusted institution (such as a bank), they could intercept customer emails containing sensitive information or even begin sending email as the institution itself.