
What is a Man-in-the-Middle Attack? How Can We Stay Protected?

In cryptography and computer security, the term man-in-the-middle (MITM) attack refers to an attack in which the attacker sits between two communicating parties. The two parties are unaware of the middleman, who relays and alters their communication without their knowledge or consent.

Eavesdropping is a common example of a MITM attack. The attacker intercepts and relays the communication between two people who are using a private connection to interact.

The attacker not only intercepts and transmits the verbal or non-verbal messages but can also tamper with them by injecting new, fake messages into the original communication.

Several cryptographic protocols include some form of endpoint authentication, such as TLS authentication in web browsers. A man-in-the-middle attacker therefore has to impersonate both sides of the endpoint authentication protocol to successfully intercept the messages travelling back and forth over a network or communication line between two or more people.

One prominent example of a MITM attack is the 2017 Equifax incident, when Equifax had to withdraw its mobile phone apps after concerns were raised over MITM vulnerabilities.

Seven types of MITM attacks are:

  1. IP Spoofing
  2. DNS Spoofing
  3. HTTPS spoofing
  4. SSL hijacking
  5. Email hijacking
  6. Wi-Fi eavesdropping
  7. Stealing browser cookies

How is a man-in-the-middle attack executed?

Man-in-the-middle attacks are predominantly carried out via phishing. This involves sending fraudulent messages or emails to targeted users. These phishing messages and emails appear to come from trustworthy sources.

Such emails and messages usually contain a malicious attachment or web link which, when clicked, automatically downloads malware onto the targeted device.

Once the malware is installed in the browser, it begins sending the data exchanged between the victim's device and specific websites, such as banks, to the cyber exploiter.

Protection against man-in-the-middle attacks

Here are a few ways to safeguard your device, data, and connections against MITM attacks.

  • Ensure that the HTTPS protocol is present in the URL of any website you visit, indicating a safe and secure site.
  • Beware of phishing emails and their attachments or links.
  • Avoid clicking on links that arrive in emails from unknown senders. Even if you do need to open a link, type the URL into the browser rather than clicking or copy-pasting the link directly.
  • Avoid connecting to public Wi-Fi routers directly.
  • Use a VPN service to encrypt your data and mask your identity.
  • Install an advanced internet security solution along with an effective firewall.
  • Always keep your antivirus, OS, and other applications up to date.
  • Protect your home Wi-Fi with unique passwords.


Adrian
