What is a Man-In-The-Middle Attack?

Man in the Middle

The tech industry very seldom uses words or phrases that offer an accurate metaphor for what is going on. However, in the case of ‘man-in-the-middle’ attacks, they are literally what they sound to be.

When browsing the internet, sending email, or doing online banking or shopping – your experience will create the illusion that there is a direct connection between you and the organisation you are dealing with. When I log onto my credit card company for online banking, I see their website.

When I do online shopping, I see the store with whom I plan to buy from. When I receive email, it looks like it’s been sent straight to me. The speed by which data is transmitted and rendered again on my screen reinforces this illusion that I’m somehow directly connected to the source of where I’m browsing.

In fact, internet traffic is redirected many times before it reaches the recipient. Like an onion, there are lots of layers which are perhaps so subtle they appear invisible.

First, there is the browser that you are reading this article on. Whether it is Chrome, Internet Explorer/ Edge, Safari, or Firefox – it does the job of receiving the data in ‘hypertext’ format and rendering it to your screen.

Next, there is the device which you are using. The browser is pointing to www.dataphilos.com, but the device has networking protocols that direct this URL to a directory so it can be found.

Next there is the network you are connected to. Whether wired or wireless, this performs the function of routing the local traffic from devices in your home, office, or public space to the Internet Service Provider (ISP) who actually provides the internet access.

ISPs themselves act over telecommunications infrastructure. Telecommunications providers are regulated by governments. Treaties regulate the transatlantic cables, radio transmissions, and satellite links that connect the various points on the globe that we wish to connect with.

You might see quickly that this whole infrastructure depends on trust for it to operate. I trust that I’m using a reputable browser (right now, the one that Apple shipped with my device). I trust that the device I’m using hasn’t been tampered with (either physically or through being hacked). I trust the wifi network I’m using. I trust my ISP and the pipes they operate through. Most of all, I trust that the UK doesn’t interfere or otherwise censor with the information that I receive.

A man-in-the-middle attack is simply one where a bad actor inserts themselves into these layers of trust. It could be, for instance, a submarine tapping a transatlantic fibre optic cable. While fibre optic cables suffer from the weakness of being incredibly easy to tap into, they benefit from being physically very difficult to access, so such an attack is very unlikely.

Far more likely attack downstream. Your browser could be hijacked, malicious code could be redirecting traffic from your laptop to a hacker’s server somewhere, or indeed the network you are connected to might be compromised.

The attack I personally fear the most is the one where someone maliciously creates a fake wifi network that pretends to be the real one. Imagine you are travelling and staying in a hotel. You do a scan of available networks and “GUEST WIFI” appears in the list. You then connect to this and find you can freely surf the web. You are delighted at the simplicity and ease (and lack of cost)!

What you haven’t realised is that the hacker in the room next door is carefully monitoring your every click and key press. For the most part, they will simply give you the unadulterated access you are looking for, but where it comes to things like online shopping or banking, they may simply serve you a page that looks like the real thing but is really there to harvest your financial details.

Many savvy users these days use VPN services which provide a secure ‘tunnel’ to a trusted network infrastructure that means that even in the scenario of running over a compromised network, confidence can be retained that personal information won’t be captured. VPN access is easy to buy and set-up, but the sad truth is most internet users simply don’t bother.

This means the responsibility falls on the network provider to do everything they can to secure the user and reduce the risk of attack. This is by no means an exhaustive list, but some of the easy things companies can do are:

  1. Ensure wifi signals are strong across the entire space. Hackers will often exploit ‘dark’ spots.
  2. Password protect the wifi network itself so that traffic is encrypted. DO NOT simply rely on ‘walled garden’ access.
  3. Use sensible wifi network names. For a hotel to use ‘TP-LINK_AE24FE0’ as the wifi name is wholly unacceptable, as a hacker needs to simply create a network called ‘HOTEL WIFI’ and most users will willingly just switch networks, particularly if the signal strength is greater.
  4. Hire a penetration testing firm to expose weaknesses in public access infrastructure.
  5. Provide free wifi in public spaces. Paid wifi services simply encourage vulnerable users to scan around until they find a free service.

 

As a user remember, you are most vulnerable when on a wireless connection (of any type) and particularly when you are accessing data in a public space. Whether you are in the stands of a football stadium or sitting in the lobby of a well-known law firm – always try and use a VPN and if not, limit your activity to only the most essential and least confidential unless you can be absolutely certain that they have taken the advice above onboard.

7 emerging technologies eBook

Interested in the effects of technology on society?

Sign up and get a free copy of my ebook here:

Leave a Comment