Everything About Man-in-the-Middle (MITM) Attack

As the name suggests, Man in the Middle Attack is a type of Cyberattack that happens when a cybercriminal sits between two users. An intruder places himself between user and network to steal or distort data/information. In this attack, the attacker can either be a silent and quiet listener, an active user altering your data or even the person you are talking to. 

A MITM attack can happen to any network, whether internal or external, affecting any IP ports.

Mechanism of MITM

MITM is a type of attack where a hacker uses transit data to intercept, secretly rerouting traffic and changing the connection parameters between endpoints that don’t know they are compromised. So, they are hard to detect as it doesn’t affect the network directly.

Let’s see this with a scenario:

1. Imagine two persons X and Y are communicating on a confidential channel, and Z(hacker) silently break into their pipeline to listen to what they are talking
2. X passes a message to Y.
3. Z enters between and reads the message, which was supposed to be seen only by Y, without X or Y knowing.
4. Z(Hacker) changes the message causing harmful/unwanted results.

Signs of being Victim

Here are the signs which will tell you that we might have an unwanted guest:

• Always double-check for addresses in your address bar. If you see anything abnormal in the address bar, cross-check it, even a little one.

  For example: if you see https://spooFing.com instead of www.spoofing.com, take precautions.

• Continuously monitor for repeated disconnections. Attackers usually disconnect users to gain access over username and passwords whenever the user tries to re-login.
• So, always check out these signs of being a Victim.

Types of MITM Attacks

• Wifi-Eavesdropping

  WiFi-Eavesdropping is a type of MITM attack that traps unconscious users from login into malicious wifi Networks. To perform this type of attack, a hacker usually spreads a wifi network to a public location like Stations, Hospitals, Restaurant, etc., and names the web with similar public network ones. Some people usually keep their devices to auto-connect falls into the trap. Since the user is trapped, hackers can perform various MITM attacking techniques like SSL stripping attacks, forcing users to undergo multiple unencrypted websites. So, it is advised not to connect to the public network.

• Session Hijacking

  In Session Hijacking, any user in the session can be hijacked by the attacker and can lose control of the session. All of his data/information can easily be stolen. It can be done with sessions, but it is commonly seen in browser sessions on web applications. There are several ways to do session hijacking, but here are some common ways through which it can be achieved:

  • Session side jacking

  • Cross-site scripting (XSS)

    To prevent Session Hijacking, organizations use various encryptions in certificates using: SSL and TLS.

• HTTPS Spoofing

  In HTTPS, the word S stands for Secure. Attackers mostly take advantage of this only as the user thinks he is into the safeguard. Attackers put up HTTP websites whose domain looks very similar to the original one. In this tactic, known as “homograph attack,” attackers replace the character in the target domain with non-ASCII characters, which look very similar to the original field. The unsuspected user will not notice this slight difference and will fall into this trap easily.

How Encryption can prevent MITM Attacks

The most used way to prevent a MITM attack is by encrypting the process of communication.

The process works like this: when a server is transferring data, it provides a digital certificate for identifying the client. Then, the channel between client and server is encrypted.

In Encryption, a key is needed to encrypt and decrypt messages shared between Sender and Receiver. We will need that key to decipher the notes; the same is the case for attackers. Without that key, no one can access our information. There are two ways of encrypting data:

• Symmetric Encryption is a process that uses one encryption key for encrypting and decrypting messages, and the key is shared secretly between the sender and receiver. This method is widely used due to its high encryption speed, but the disadvantage is that we need a secure means to transfer the keys. If the hacker somehow gets the key, they can easily access our transmitted data. Symmetric Encryption is the most popular and widely used way to protect data.
• Asymmetric Encryption is a process that requires two keys, namely public and private keys, for encrypting data. The public key is open to all and is transmitted through an open channel, while the Private key is only known to the recipient and is used for decrypting data. The advantage of this Encryption is that it is more reliable and secure than symmetric, whereas the drawback is that it takes more time.

General practices for MITM Attack Prevention

Specific ways by which we can probably prevent MITM Attacks are:

1. By using Virtual Private Networks (VPN), we can prevent such attacks. VPNs are used within a local area network for creating a secure environment for sensitive information that is being used.
2. Avoiding Public Networks while doing sensitive work involving high risks. Avoid using Public Networks while doing transactions, online banking, and other tasks which include sensitive details.
3. Avoid using auto fill-ins on websites that are marked as unsecured. Never let any unsecured websites use your auto-filled usernames or passwords as it can be a high risk, and use multi-factor authentication wherever available.
4. By installing proper Anti-Virus and securing the network with Network Intrusion Detection System.
5. Always use Password Manager to protect your passwords.

Conclusion

MITM attack is a type of attack in which a Hacker places himself, in-between two users to steal and modify sensitive information. There are various ways a hacker can perform MITM attacks, such as WiFi-Eavesdropping, session hijacking, https spoofing, etc. We can use Encryption to prevent these attacks to some extent as encrypt messages are way more complex for anyone to read. Symmetric and Asymmetric Encryption are the two techniques by which we can ensure that the data transferred is protected. Following a set of instructions and some standard practices can somehow prevent us from being the target of these attacks.