A man-in-the-middle (MITM) attack is a common type of security attack in which an attacker eavesdrops on the communication between two targets.
More precisely, it is a cyber-attack where the attacker secretly relays, and possibly alters, the communications between two parties who believe they are communicating directly with each other.
Let’s see an analogy:
Assume that there are three people: Chuck, Bob and Alice. Alice and Bob are talking to each other, but Chuck wants to know what Alice and Bob are talking about, and Chuck also wants to stay invisible. So Chuck impersonates Bob when talking to Alice. Alice thinks she is talking to Bob, but in reality she is talking to Chuck. Chuck also forwards the messages to Bob while impersonating Alice. This way Chuck sits in the middle of the conversation between Alice and Bob and sees everything that is said. Chuck is thus able to eavesdrop on the conversation between Alice and Bob while remaining unnoticed.
Figure: pictorial representation of Chuck sitting between Alice and Bob.
Now that we know what a man-in-the-middle attack is, let's look at the types of MITM attacks.
Types of MITM attacks
There are seven types of man-in-the-middle attacks:
- IP spoofing
- DNS spoofing
- HTTPS spoofing
- SSL Hijacking
- Email Hijacking
- Wi-Fi Eavesdropping
- Stealing Browser Cookies
Let’s discuss them one by one.
1. IP Spoofing
IP address spoofing is the act of falsifying the source address in a packet's IP header. By spoofing an IP address, an attacker can trick you into thinking you're interacting with a website or a person you're not, and may thereby gain access to information you would otherwise not share.
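A spoofed source address is caught at the network edge with address-based filtering: a packet arriving from outside must not claim one of your own or a private address, and a packet leaving must carry a source you actually own. The following is an added example, not code from the original post; the prefixes are hypothetical, and a real deployment would express the same rules in the router or firewall configuration.

```python
import ipaddress

# Constructed example: anti-spoofing ingress/egress filter in the spirit of
# BCP 38. OUR_PREFIXES is a hypothetical address block owned by this network.
OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Sources that can never legitimately arrive from the outside world.
NEVER_FROM_OUTSIDE = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")
]


def _in_any(addr, networks):
    return any(addr in n for n in networks)


def allow_packet(direction: str, src_ip: str):
    """Return (allowed, reason) for a packet seen at the edge router.

    direction is "inbound" (arriving from the internet) or "outbound"
    (leaving our network); src_ip is the packet's claimed source address.
    """
    src = ipaddress.ip_address(src_ip)
    if direction == "inbound":
        if _in_any(src, OUR_PREFIXES):
            return False, "external packet claims one of our own addresses"
        if _in_any(src, NEVER_FROM_OUTSIDE):
            return False, "external packet with private/reserved source"
        return True, "ok"
    if direction == "outbound":
        if not _in_any(src, OUR_PREFIXES):
            return False, "outbound packet with a source we do not own"
        return True, "ok"
    raise ValueError("direction must be 'inbound' or 'outbound'")


if __name__ == "__main__":
    # Constructed sample packets (direction, claimed source).
    for d, ip in [("inbound", "203.0.113.7"), ("inbound", "192.168.1.5"),
                  ("inbound", "198.51.100.9"), ("outbound", "198.51.100.9")]:
        print(d, ip, allow_packet(d, ip))
```

The outbound rule is the one that stops your own network from being the origin of spoofed packets; the inbound rule stops an outsider from impersonating an internal host toward your own services.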
2. DNS Spoofing
In DNS spoofing (also called DNS poisoning), the attacker alters DNS records so that users are routed to a fake website, or to a website under the attacker's control.
The attacker intercepts traffic between the DNS server and the user and changes the user's DNS answers every time the victim browses the internet. Changing the DNS answer means changing the destination IP address the victim uses to reach a website.
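A forged DNS reply only works if the victim's resolver accepts it, so the basic defence is on the receiving side: a reply is accepted only if it comes from the server that was asked, carries the transaction ID of an outstanding query, has the response bit set, and echoes the original question. The block below is an added example, not code from the original post: it builds a minimal query, constructs sample replies, and applies those checks.

```python
import secrets
import struct
from typing import Optional

# Constructed example: client-side validation of a DNS reply. The addresses
# and hostnames are sample values from the documentation ranges.


def encode_name(qname: str) -> bytes:
    """Encode a dotted hostname in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in qname.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, txid: Optional[int] = None) -> bytes:
    """Build an A-record query; the transaction ID is random unless given."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(txid: int, qname: str, ipv4: str, ttl: int = 300) -> bytes:
    """Build a reply with one A record. Used here only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA; 1 question, 1 answer
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(o) for o in ipv4.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def parse_question(data: bytes, offset: int = 12):
    """Return (name, qtype, qclass) of the first question in a DNS message."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
    return ".".join(labels), qtype, qclass


def validate_response(query: bytes, response: bytes, expected_src, actual_src):
    """Return (accepted, reason). Each check is a field a forger must guess or copy."""
    if actual_src != expected_src:
        return False, "reply did not come from the resolver we queried"
    if response[:2] != query[:2]:
        return False, "transaction ID mismatch"
    flags = struct.unpack("!H", response[2:4])[0]
    if not flags & 0x8000:
        return False, "QR bit not set: this is not a response"
    if parse_question(response) != parse_question(query):
        return False, "question section does not echo our query"
    return True, "accepted"


if __name__ == "__main__":
    resolver = ("10.0.0.53", 53)
    q = build_query("example.com", 0x1234)
    genuine = build_response(0x1234, "example.com", "192.0.2.10")
    forged = build_response(0x9999, "example.com", "198.51.100.66")  # wrong transaction ID
    print(validate_response(q, genuine, resolver, resolver))
    print(validate_response(q, forged, resolver, resolver))
```

These checks are necessary but not sufficient: the source address and port can themselves be spoofed and a 16-bit ID can be guessed with enough attempts, which is why resolvers also randomise the source port and why DNSSEC validation is the real fix for a poisoned answer.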
3. HTTPS Spoofing
One common method of attack is HTTPS spoofing, in which an attacker uses a domain name that looks very similar to that of the target website. The attacker can fool your browser into believing it is visiting a trusted website when it is not, and redirect your browser to an untrusted website to collect information.
4. SSL Hijacking
SSL hijacking, also known as SSL stripping, is another form of man-in-the-middle attack. It happens when an attacker manages to stage an SSL stripping scheme against the victim, silently downgrading what should be an HTTPS connection to plain HTTP.
In SSL hijacking, the attacker uses another computer and a secure server and intercepts all the information passing between the server and the user's computer.
5. Email Hijacking
Email hijacking is another form of man-in-the-middle attack, in which the attacker compromises and gains access to a target's email account, for example that of a bank. The attackers can then spoof the bank's email address and send their own fake instructions to its customers. This convinces the customers to follow the attackers' instructions, and as a result an unwitting customer may end up putting money in the attackers' hands.
6. Wi-Fi Eavesdropping
Wi-Fi eavesdropping, also known as an "evil twin" attack, is a type of man-in-the-middle attack that tricks unsuspecting victims into connecting to a malicious Wi-Fi network.
Attackers listen to traffic on public or unsecured Wi-Fi networks, or they create Wi-Fi networks with common names to trick people into connecting, so they can collect all sorts of information.
7. Stealing Browser Cookies/Session Hijacking
Session hijacking, also known as cookie side-jacking, is the exploitation of a valid computer session. It is another form of man-in-the-middle attack, and it gives the attacker full access to the victim's online account.
The session hijacking attack relies on the attacker's knowledge of your session cookie. If the attacker has your session cookie, they can use your account to do all sorts of things.
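Since the whole attack depends on obtaining the cookie, the server-side defence is to make the cookie unguessable, to stop it from ever being sent over plain HTTP, and to replace it when the user logs in. The following is an added example, not code from the original post: it issues a session cookie with those properties, audits a Set-Cookie header for the attributes that matter, and rotates the session identifier on login.

```python
import secrets

# Constructed example: issuing and auditing session cookies so that a
# side-jacked or sniffed request does not hand over a usable session.


def issue_session_cookie(name: str = "session", ttl: int = 3600):
    """Return (token, set_cookie_value) for a fresh, hardened session cookie."""
    token = secrets.token_urlsafe(32)  # 256 bits of randomness: not guessable
    header = (
        f"{name}={token}; Path=/; Max-Age={ttl}; "
        "Secure; HttpOnly; SameSite=Lax"
    )
    return token, header


def audit_set_cookie(header: str):
    """Return a list of findings for a Set-Cookie header value; empty means OK."""
    parts = [p.strip() for p in header.split(";")]
    name_value = parts[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is sent over plain HTTP and can be sniffed")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by injected script")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie rides along on cross-site requests")
    value = name_value.partition("=")[2]
    if len(value) < 16:
        findings.append("session value too short to be unguessable")
    return findings


def rotate_session(store: dict, old_token: str, user: str):
    """Invalidate the pre-login session and bind a brand-new token to the user.

    store is a hypothetical in-memory session table: token -> user.
    """
    store.pop(old_token, None)
    token, header = issue_session_cookie()
    store[token] = user
    return token, header


if __name__ == "__main__":
    token, header = issue_session_cookie()
    print(header)
    print("findings for hardened cookie:", audit_set_cookie(header))
    # Constructed sample of a weak cookie as a legacy application might issue it.
    print("findings for weak cookie:", audit_set_cookie("session=abc123; Path=/"))
    sessions = {token: None}
    new_token, _ = rotate_session(sessions, token, "alice")
    print("old token still valid?", token in sessions, "new token bound to:", sessions[new_token])
```

The Secure attribute is the one that matters for the sniffing scenario above: a browser will not attach it to an http:// request at all, so a downgraded or eavesdropped connection carries no session to steal.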
These are the seven types of MITM attacks.
Now let’s see how to prevent these types of attack.
How to prevent MITM?
- Force HTTPS - HTTPS secures communication over HTTP using a public-private key exchange. This prevents an attacker from making any use of the data they may be sniffing.
- Use end-to-end encryption.
- Only connect to secured Wi-Fi routers or use your wireless carrier’s encrypted connection.
- Be sure that your home Wi-Fi network is secure. Update all of the default usernames and passwords on your home router and all connected devices to strong, unique passwords.
- Stay aware of new developments in cybersecurity.
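"Force HTTPS" is also the direct answer to the SSL stripping attack described earlier: the server redirects every plain-HTTP request to its HTTPS equivalent and sends a Strict-Transport-Security (HSTS) header so the browser refuses to use plain HTTP for that site afterwards. The block below is an added example, not code from the original post or any particular web framework; it shows the redirect and header logic in a framework-neutral form and an audit function you can run against any site's response headers.

```python
import re

# Constructed example: enforcing HTTPS and checking the HSTS header.
ONE_YEAR = 31536000  # seconds; the commonly recommended minimum max-age


def enforce_https(scheme: str, host: str, path: str, headers=None):
    """Return (status, headers) for a request.

    Plain-HTTP requests get a permanent redirect to the same URL over HTTPS.
    HTTPS responses get the HSTS header, which browsers only honour when it
    arrives over HTTPS, so it is deliberately not added to the redirect.
    """
    if scheme != "https":
        return 301, {"Location": f"https://{host}{path}"}
    out = dict(headers or {})
    out["Strict-Transport-Security"] = f"max-age={ONE_YEAR}; includeSubDomains"
    return 200, out


def audit_hsts(headers: dict):
    """Return a list of findings about a response's HSTS policy; empty means OK."""
    value = next(
        (v for k, v in headers.items() if k.lower() == "strict-transport-security"),
        None,
    )
    if value is None:
        return ["no Strict-Transport-Security header: first visit over HTTP can be stripped"]
    findings = []
    match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
    if not match:
        findings.append("max-age missing")
    elif int(match.group(1)) < ONE_YEAR:
        findings.append(f"max-age {match.group(1)} is below one year")
    if "includesubdomains" not in value.lower():
        findings.append("includeSubDomains missing: subdomains still strippable")
    return findings


if __name__ == "__main__":
    # Constructed sample requests against a hypothetical host.
    print(enforce_https("http", "shop.example", "/login"))
    status, hdrs = enforce_https("https", "shop.example", "/login", {"Content-Type": "text/html"})
    print(status, hdrs, audit_hsts(hdrs))
    print(audit_hsts({"Strict-Transport-Security": "max-age=3600"}))
```

HSTS cannot protect the very first visit, because the browser has not yet seen the header; that gap is closed by submitting the domain to the browsers' HSTS preload list, which is why the audit insists on a one-year max-age and includeSubDomains, the preload list's own requirements.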