The task of protecting the data was never an easy one. However, with the advent of internet viruses and hackers who are regularly developing new techniques to exploit or steal an individual’s data, the task has become a lot more difficult. There are cases where such attacks may not be as harmful to individual users. However, they can be a nightmare for financial institutions and the popular websites. The most common method to initiate a MITM attack is by uploading malware onto the user’s machine. However, the accuracy of this method is debatable as the method does not work sometimes.
What is the MITM attack
The Man in the Middle (MITM) attack is also known as the Bucket Brigade attack and the Janus attack. The hacker place themselves in between two parties and make them believe that it is a private conversation in between the two whereas the conversation is actually controlled by the hacker. However, a Man in the Middle (MITM) attack can only be successful when the hacker is successful in forming a mutual authentication in between both parties. This is where the SSL (Secure Sockets Layer) protocols become so important as they are used to authenticate the parties by using a mutually trusted authority for certification.
How does the MITM attack work
In the typical MITM attack, the hackers use a WiFi router to intercept user communications. The hacker uses a few malicious programs to assist him/ her to intercept the user communications which take place on the router. The basic process is that the hackers configure their laptops as a Wifi hotspot by choosing common names which are commonly used in public areas such as a coffee shop or a restaurant. Once a user reaches out to eCommerce sites using this WiFi, the hacker saves this information for later use. For example, two people want to converse while a third (hacker) wants to eavesdrop and have a false conversation with one of the two. It begins when the first person asks the other for the public key. If the second person provides this key to the first, the third person (hacker) uses this key to begin a conversation with the first person by providing the key which the second one gave. In this way, the first person easily believes that he/ she is actually having an authentic conversation while it is not at all true.
How to prevent MITM attacks
The best defence against a Man in the Middle attack is only on the router side as users can have no control over the security of their transactions. However, what they can have is an extremely strong level of encryption which goes a great way in enhancing the level of security for the referred transactions. In such cases, the clients request is only authenticated with the help of a digital certificate and only then is the connection established. Another method of prevention of these Man in the Middle attacks is by never connecting to open WiFi networks directly. By using plug ins such as ForceLTS and HTTPS Everywhere, the connection can be made much more secure.
You can follow any responses to this entry through the RSS 2.0 feed.
Leave your comment