A man-in-the-middle (MITM) attack is a cyberattack in which an attacker intercepts and manipulates communications between two parties. The attacker "sits in between" the communicating parties and can observe or alter the data being transmitted. These attacks are difficult to detect because the parties involved may not be aware that their communication has been compromised.
There are many types of MITM attacks.
- ARP spoofing is a type of attack in which the attacker spoofs the Media Access Control (MAC) address of a device within the same network. The attacker sends false ARP (Address Resolution Protocol) messages to the target device, claiming that the attacker's MAC address belongs to the router or another trusted device. The attacker can then view and possibly alter all traffic from the target device.
- DNS spoofing is a technique that redirects the target's traffic to a malicious site by falsifying Domain Name System (DNS) records. When the target attempts to access a legitimate website, the attacker's DNS server returns the IP address of a malicious website instead. The target is thus directed to a fake website, which may look legitimate and trick the user into giving up sensitive information.
- SSL stripping: This attack involves an attacker downgrading an SSL (Secure Sockets Layer) or TLS connection to an unencrypted one. The attacker intercepts the target's request to access a secure site and removes the SSL or TLS encryption. The attacker then redirects the target to an unencrypted version of the website, which allows the attacker to see and possibly alter the traffic.
- Rogue access points: An attacker can set up a fake connection point to trick the target into joining it. A fake access point can mimic the appearance and name of a legitimate network access point, which makes it harder for the target to recognise that they are connecting to a malicious network. Once the target has connected to the fake access point, the attacker is able to view all traffic and possibly alter it.
- Bluetooth snooping is a type of attack in which an attacker uses a device to monitor and intercept Bluetooth communications between two other devices. An attacker could set up their device to listen for Bluetooth communication and possibly intercept or alter the data being sent.
- Email spoofing is a technique that allows an attacker to send an email that looks legitimate, but which is in fact fake. This type of attack can be used to trick the victim into clicking on malicious links or divulging sensitive information.
- Phone call spoofing is a type of attack in which an attacker changes the caller ID shown on the victim's phone using a technique known as "caller ID fraud". This technique can be used to impersonate trusted callers and trick the victim into divulging sensitive information or performing a desired action.
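The ARP spoofing item above describes an attacker claiming that their MAC address belongs to the router. A defender can spot that by watching for an IP address whose MAC changes, especially the gateway's. The following is an added example, not part of the original text: it runs a simple conflict check over constructed ARP-reply lines (the "ip is-at mac" format, timestamps, addresses and the `trusted` gateway mapping are all assumptions made for the example).

```python
# Constructed sample of observed ARP replies on one LAN segment.
# Format assumed for this example: "<timestamp> <ip> is-at <mac>".
# The last two lines show a second MAC claiming the gateway's IP.
SAMPLE_ARP_REPLIES = """\
2024-01-01T10:00:00 192.168.1.1 is-at aa:bb:cc:00:00:01
2024-01-01T10:00:05 192.168.1.20 is-at aa:bb:cc:00:00:20
2024-01-01T10:00:09 192.168.1.1 is-at aa:bb:cc:00:00:01
2024-01-01T10:00:12 192.168.1.1 is-at de:ad:be:ef:00:99
2024-01-01T10:00:13 192.168.1.1 is-at de:ad:be:ef:00:99
"""


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) from lines in the constructed format above."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "is-at":
            continue  # skip blank or malformed lines
        yield parts[0], parts[1], parts[3].lower()


def detect_arp_conflicts(text, trusted=None):
    """Return one alert per (ip, mac) pair that contradicts the known mapping.

    `trusted` maps IP -> expected MAC (e.g. the gateway). For those IPs a
    single contradicting reply alerts immediately; for other IPs the first
    MAC seen is learned and later changes are reported.
    """
    trusted = dict(trusted or {})
    learned = {}          # ip -> first MAC observed
    flagged = set()       # (ip, mac) pairs already reported
    alerts = []
    for ts, ip, mac in parse_arp_replies(text):
        expected = trusted.get(ip, learned.get(ip))
        if expected is not None and expected != mac and (ip, mac) not in flagged:
            flagged.add((ip, mac))
            alerts.append({"time": ts, "ip": ip, "expected": expected, "observed": mac})
        learned.setdefault(ip, mac)
    return alerts


if __name__ == "__main__":
    gateway = {"192.168.1.1": "aa:bb:cc:00:00:01"}  # assumed known-good mapping
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, trusted=gateway):
        print(f"[{alert['time']}] {alert['ip']} expected {alert['expected']}, "
              f"observed {alert['observed']}")
```

A MAC change is a signal rather than proof: legitimate events such as a replaced router or a DHCP lease moving to another host also produce it, so the alert should be correlated with change records before anyone acts on it.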
MITM attacks can be prevented by a combination of technical safeguards, such as encryption and authentication, and user education. Strong passwords are essential, and two-factor authentication should be enabled whenever possible. Users should also be cautious when visiting unfamiliar websites and entering sensitive information online, and should be alert to possible spoofed emails and phone calls.