The need to educate yourself about cybersecurity has never been greater. Even so, only 20.7% of websites use HTTP Strict Transport Security (HSTS) today, leaving visitors to the rest exposed to connection downgrades and other forms of man-in-the-middle (MITM) attack.
A MITM attack places the perpetrator between a user and an application, where they can read (and sometimes alter) the traffic while both ends believe they are talking directly to each other. The objective is usually to harvest valuable data such as passwords or card details, which can then be used for a range of illegal activities, from unauthorized fund transfers to identity theft.
How Does a Man-in-the-Middle Attack Work?
When you open a web page, you type a URL and press Enter, but a chain of steps runs behind the scenes. Your device looks up the site's address, then sends a request to the site's server through your router and every network in between; the server's response travels back to you along the same path.
Anyone who controls a hop on that path, or who can insert themselves into it, can read your traffic and in some cases alter it. For instance, the attacker may redirect you to a look-alike page built to collect whatever you type into it.
Public Wi-Fi is far more exposed to MITM attacks than your home network. An open network is inherently less secure: it has to admit everybody in range, and it usually does not encrypt the wireless link at all, whereas your home router admits only a few authorized devices over an encrypted connection.
So, how do MITM attackers use public Wi-Fi to their advantage?
Attackers scan the network for flaws that let them compromise the router or otherwise divert traffic through their own machine. Once they are in the path, they try to intercept, and where possible decrypt, the data being transmitted. Sniffing, for instance, uses packet-capture tools to inspect traffic and pull out whatever is sent unencrypted, such as a login form submitted over plain HTTP.
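To make the sniffing step concrete, here is a small Python routine, added for this article and not part of the original text, that does what a passive sniffer on a shared network does: it scans captured segments for credentials. The three "captured" segments are constructed inline (the hostnames, users and passwords are invented); the first two are plaintext HTTP and give up their credentials, while the third is the start of a TLS handshake and yields nothing.

```python
"""What a passive sniffer on a shared network gets out of unencrypted traffic.
Added example for this article; the 'captured' segments below are constructed, not real."""
import base64
from typing import Dict, List, Optional
from urllib.parse import parse_qs

CAPTURED_SEGMENTS: List[bytes] = [
    # 1. A login form posted over plain HTTP: the credentials travel in the clear.
    (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 40\r\n\r\n"
     b"username=alice&password=hunter2&next=%2F"),
    # 2. HTTP Basic authentication: base64 is an encoding, not encryption.
    (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
     b"Authorization: Basic " + base64.b64encode(b"bob:S3cret!") + b"\r\n\r\n"),
    # 3. The start of a TLS handshake record (HTTPS): the sniffer sees handshake
    #    metadata and ciphertext, never the request itself.
    bytes.fromhex("1603010200010001fc0303") + bytes(32),
]

USER_FIELDS = ("username", "user", "email", "login")


def sniff_credentials(segment: bytes) -> Optional[Dict[str, str]]:
    """Return credentials found in one unencrypted HTTP segment, or None."""
    if not segment.startswith((b"GET ", b"POST ", b"PUT ")):
        return None                     # not plaintext HTTP: nothing readable here
    head, _, body = segment.partition(b"\r\n\r\n")
    # Header lines come after the request line; look for Basic auth first.
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization" and value.strip().lower().startswith("basic "):
            user, _, password = base64.b64decode(value.strip()[6:]).decode("utf-8").partition(":")
            return {"source": "basic-auth", "user": user, "password": password}
    # Otherwise look for a login form in the body.
    form = parse_qs(body.decode("latin-1"))
    user_key = next((k for k in form if k.lower() in USER_FIELDS), None)
    pass_key = next((k for k in form if "pass" in k.lower()), None)
    if user_key and pass_key:
        return {"source": "form", "user": form[user_key][0], "password": form[pass_key][0]}
    return None


def harvest(segments: List[bytes]) -> List[Dict[str, str]]:
    """Run the sniffer over a capture and keep only the hits."""
    return [hit for hit in (sniff_credentials(s) for s in segments) if hit]


if __name__ == "__main__":
    for hit in harvest(CAPTURED_SEGMENTS):
        print(hit)
```

The same routine, run over a capture of your own network, is a quick way to find services that still send credentials in the clear; the TLS segment shows why moving them to HTTPS takes the sniffer's catch away.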
Types of Man-in-the-Middle Attacks
There is more than one way for an attacker to get between you and the service you are talking to. The following are the most common types of MITM attack.
#1. IP Spoofing
Every device on the internet is identified by an Internet Protocol (IP) address, roughly the equivalent of the house number in your postal address. An attacker who spoofs an IP address can make you believe you are communicating with a legitimate website or person while your traffic actually flows to them, allowing them to intercept your data.
#2. DNS Spoofing
DNS (Domain Name System) spoofing alters the record that maps a website's name to its address, either by poisoning a resolver's cache or by forging replies to the user's lookups. The user's browser is led to a fake site; not realizing this, the user interacts with it as they normally would, and the attacker collects the login credentials entered along the way.
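The following Python snippet, added here as an illustration and not taken from the article, builds a DNS query, a genuine answer and a forged one in wire format and shows which replies a resolver that validates responses will accept. The domain, the IP addresses and the transaction IDs are all constructed for the example; the point is that a forged reply is accepted only if it matches the 16-bit ID (and the question) of the outstanding query, which an off-path attacker has to guess but an attacker on the same network can simply read.

```python
"""DNS spoofing in miniature: build a query, a genuine answer and a forged one, and
show which replies a validating stub resolver accepts.
Added example for this article; the names, addresses and IDs are constructed."""
import struct

GENUINE_IP = "203.0.113.10"    # constructed: the real address of bank.example
ATTACKER_IP = "198.51.100.66"  # constructed: the address of the look-alike site


def encode_name(name: str) -> bytes:
    """Wire-format a dotted name as length-prefixed labels."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Read a (possibly compressed) name; return (name, offset just after it)."""
    labels = []
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            labels.append(decode_name(data, pointer)[0])
            return ".".join(labels), offset + 2
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid: int, name: str) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)    # RD set, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def build_response(txid: int, name: str, ipv4: str, ttl: int = 300) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)    # QR, RD, RA; one answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = (b"\xC0\x0C"                                         # pointer to the question name
              + struct.pack("!HHIH", 1, 1, ttl, 4)
              + bytes(int(octet) for octet in ipv4.split(".")))
    return header + question + answer


def parse_response(data: bytes):
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    qname, offset = decode_name(data, 12)
    offset += 4                                                   # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        rname, offset = decode_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata, offset = data[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rclass == 1:
            answers.append((rname, ".".join(str(b) for b in rdata)))
    return txid, flags, qname, answers


def accept_answer(sent_txid: int, sent_name: str, response: bytes):
    """What a stub resolver must check before trusting a reply: it is a response,
    it carries the ID we sent, and it answers the question we asked.
    (Real resolvers also match the source address and the randomized source port.)"""
    txid, flags, qname, answers = parse_response(response)
    if txid != sent_txid or not flags & 0x8000 or qname.lower() != sent_name.lower():
        return None
    for rname, ip in answers:
        if rname.lower() == sent_name.lower():
            return ip
    return None


def forged_reply_accepted(sent_txid: int, sent_name: str, guessed_txid: int) -> bool:
    """An off-path attacker has to guess the 16-bit ID and beat the real reply;
    an attacker sniffing the same network reads the ID straight from the query."""
    forged = build_response(guessed_txid, sent_name, ATTACKER_IP)
    return accept_answer(sent_txid, sent_name, forged) == ATTACKER_IP


if __name__ == "__main__":
    query = build_query(0x1234, "bank.example")
    print(accept_answer(0x1234, "bank.example", build_response(0x1234, "bank.example", GENUINE_IP)))
    print(forged_reply_accepted(0x1234, "bank.example", 0x1235))   # wrong guess
    print(forged_reply_accepted(0x1234, "bank.example", 0x1234))   # ID sniffed or guessed
```

The last call is the whole attack: once the forged reply is accepted, the resolver caches ATTACKER_IP for the TTL and every later visit to the name goes to the fake site.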
#3. Wi-Fi eavesdropping
Attackers can set up a rogue Wi-Fi access point with a name that looks legitimate, perhaps that of a nearby store. When someone connects, all of their traffic passes through the attacker's hardware, and the attacker monitors it to intercept credit card numbers, passwords and other valuable information.
#4. Email Hijacking
Cybercriminals can sometimes gain access to a bank's or other financial institution's email account. They monitor a customer's transactions and then send a set of instructions that appear to come from the bank, either from the compromised account itself or from a spoofed copy of its address. A customer who follows those instructions is effectively handing their banking details, or their money, to the attacker.
#5. HTTPS Spoofing
HTTPS (not HTTP) is the hallmark of a secure connection, and browsers show a lock icon to the left of the URL for HTTPS sites. HTTPS encrypts and authenticates the connection between you and the site's server, so a third party on the path cannot read or alter the traffic. Attackers have therefore found ways around it rather than through it.
They create an identical-looking site at a slightly different domain name. For instance, they replace a letter of the real domain with a look-alike character from the Cyrillic alphabet or another non-Latin script. The fake domain gets its own valid certificate and its own lock icon. When a user follows a link believing it leads to the genuine site, the attacker's copy collects whatever the user enters.
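Browsers render such look-alike names from their ASCII "punycode" form (labels starting with xn--). The following Python check, added for this article and not part of the original text, does what a cautious client or mail filter would do with a hostname: it decodes the displayed form, flags labels that mix scripts, and compares a "skeleton" built from a small hand-picked table of Cyrillic-to-Latin look-alikes against a constructed allow-list of sites the user actually uses. The allow-list, the look-alike table and the sample hostnames are all assumptions made for the example; the real Unicode confusables table is much larger.

```python
"""Spotting IDN homograph look-alikes. Added example for this article; the trusted-host
list and the confusables table are constructed for the demo, not browser data."""
import unicodedata
from typing import Dict, List, Optional

# Constructed allow-list: sites the user has accounts with (assumption for the demo).
TRUSTED_HOSTS = {"apple.com", "paypal.com", "yahoo.com"}

# Cyrillic letters that look like Latin ones in most fonts (a hand-picked subset).
CYRILLIC_CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u04bb": "h",
}


def unicode_host(host: str) -> str:
    """The name as the user sees it: decode xn-- labels, leave Unicode input alone."""
    return host.encode("ascii").decode("idna") if host.isascii() else host


def scripts_in(label: str) -> List[str]:
    """Scripts used by the letters of one label, e.g. ['CYRILLIC', 'LATIN']."""
    scripts = set()
    for ch in label:
        if ch in "-0123456789":
            continue                                   # allowed in any script
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return sorted(scripts)


def skeleton(host: str) -> str:
    """Replace known look-alikes with the Latin letters they imitate."""
    return "".join(CYRILLIC_CONFUSABLES.get(ch, ch) for ch in host)


def check_host(host: str) -> Dict[str, object]:
    """Return the display form, the ASCII (punycode) form and any red flags."""
    display = unicode_host(host).lower()
    flags: List[str] = []
    ascii_form: Optional[str]
    try:
        ascii_form = display.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None                              # a name IDNA rejects is itself a red flag
        flags.append("hostname rejected by IDNA encoding")
    for label in display.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            flags.append(f"mixed scripts in label '{label}': {scripts}")
    lookalike = skeleton(display)
    if display not in TRUSTED_HOSTS and lookalike in TRUSTED_HOSTS:
        flags.append(f"looks like trusted host {lookalike}")
    return {"display": display, "ascii": ascii_form, "flags": flags}


if __name__ == "__main__":
    for sample in ("apple.com", "\u0430pple.com", "\u0443\u0430\u04bb\u043e\u043e.com"):
        print(check_host(sample))
```

The second sample ("apple" with a Cyrillic а) is caught by the mixed-script rule; the third is entirely Cyrillic, so only the skeleton comparison catches it, which is why the allow-list matters.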
Real-life MITM Attack Example
DigiNotar was a Certificate Authority (CA) that went bankrupt after its systems were breached and used for a man-in-the-middle attack that primarily targeted users in Iran.
In short, a CA issues the TLS (still commonly called SSL) certificates that sit behind the padlock in the URL bar. A valid certificate tells the browser that the connection to the site is encrypted and, most importantly, that the server it is talking to is the one that controls that domain name, not an impostor.
However, starting on July 10, 2011, an intruder was able to issue fraudulent certificates from DigiNotar's systems, taking advantage of poor security practices at the company.
Reportedly, the intruder issued 531 rogue certificates for well-known domains including Gmail, Skype, Microsoft and the CIA. On July 19, 2011, an internal audit uncovered the discrepancies, and DigiNotar revoked most of the illicit certificates.
However, the internal review missed some of the rogue certificates, including one for Google's domains that was used to impersonate Gmail. The attack came to light in August 2011 when an Iranian user complained on Google's help forums that he could not sign in to Gmail. He was using Google Chrome, which pins the keys it expects for Google's own domains and performs additional checks on any certificate presented for them, so the forged certificate was rejected; the failed login that he posted about exposed the man-in-the-middle attack.
Reportedly, 298,140 unique IP addresses that tried to reach Gmail were instead served by the malicious look-alike. Google removed its trust in the CA, and the saga ended with the Dutch government taking over DigiNotar's operations and the company being declared bankrupt.
Best Practices for Preventing Man-in-the-Middle Attacks
Given the risk, you may feel like avoiding public Wi-Fi altogether, and in all fairness that isn't a bad idea. As long as you have cellular data, you don't need public Wi-Fi. If you need internet access on your laptop, create a hotspot from your phone and protect it with WPA2 or WPA3 and a strong passphrase so nobody else can join it.
However, if cellular data isn't an option and you must connect to public Wi-Fi, there are a few things you can do to protect yourself.
#1. Trust only HTTPS websites
HTTPS websites encrypt traffic, which makes it hard for an attacker to read or alter it. They are still exposed to techniques such as HTTPS spoofing (look-alike domains) or SSL stripping, in which an attacker on the path silently downgrades your connection to plain HTTP, but you can protect yourself by staying alert.
For instance, type the URL yourself instead of following links. Once the page opens, make sure the address begins with "https://" and that the lock icon is shown to the left of the URL bar. If an attacker has redirected or downgraded you, you will at least know that you are on an untrustworthy page.
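HSTS, the header mentioned at the top of this article, is the browser-side defence against SSL stripping: once a site has been visited securely and has announced a policy, the browser refuses to send it plain HTTP at all. The Python below, added for this article and not taken from any browser's code, models that policy cache. The hostnames and header values are constructed for the example; the behaviour follows RFC 6797 (a policy is only recorded when received over HTTPS, max-age=0 clears it, includeSubDomains extends it to subdomains).

```python
"""How a browser's HSTS cache defeats SSL stripping after the first secure visit.
Added example for this article, not browser code; hosts and header values are constructed."""
import time
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value: str) -> Optional[Tuple[int, bool]]:
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains),
    or None if it is malformed (no max-age, or a non-numeric one)."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(arg.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class HstsCache:
    def __init__(self, now=time.time):
        self.now = now                     # injectable clock so expiry can be tested
        self.entries: Dict[str, Tuple[float, bool]] = {}   # host -> (expires_at, include_subdomains)

    def observe(self, url: str, headers: Dict[str, str]) -> bool:
        """Record a policy only if it arrived over HTTPS: an attacker who has
        stripped the connection to HTTP cannot plant, extend or clear a policy."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https" or not host:
            return False
        value = next((v for k, v in headers.items()
                      if k.lower() == "strict-transport-security"), None)
        parsed = parse_hsts(value) if value is not None else None
        if parsed is None:
            return False
        max_age, include_sub = parsed
        if max_age == 0:                   # max-age=0 tells the client to forget the host
            self.entries.pop(host, None)
        else:
            self.entries[host] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host: str) -> bool:
        """True if the host, or a parent with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry and entry[0] > self.now() and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url: str) -> str:
        """Upgrade http:// to https:// for known hosts before any packet leaves the
        machine, so there is no plaintext request for an attacker to hijack."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or ""):
            netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url


if __name__ == "__main__":
    cache = HstsCache()
    print(cache.rewrite("http://bank.example/login"))          # first visit: still strippable
    cache.observe("https://bank.example/",
                  {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
    print(cache.rewrite("http://bank.example/login"))          # now upgraded before sending
    print(cache.rewrite("http://www.bank.example/"))           # subdomain covered as well
```

The gap this leaves is the very first visit, before any policy has been seen: that request can still be stripped, which is why browsers ship a built-in preload list of hosts whose policies they know in advance, and why the article's advice to type "https://" yourself still matters.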
#2. Use a VPN
A VPN (virtual private network) wraps all of your traffic in an encrypted tunnel to the VPN provider, so an attacker on the local network sees only encrypted packets and learns neither your real IP address nor the sites you visit. It does not protect traffic beyond the tunnel's exit, and a determined MITM attacker may still find other ways in, but it raises the cost enough that most will move on to easier targets.
#3. Strong encryption and login credentials on your router
Use a strong encryption mode such as WPA2 (AES) or WPA3 on your router to keep unauthorized devices off your network. Old protocols like WEP can be cracked in minutes with freely available tools, giving a criminal a position on your network from which to run a MITM attack.
Alongside strong encryption, use strong passwords across the board. A strong password for the router's administration interface is just as important as a strong passphrase for your Wi-Fi network.
If you keep the manufacturer's default login credentials on your router, you are making it easy for an attacker to get in. With administrative access they could change the DNS servers your devices use or install malicious firmware to carry out MITM attacks.
#4. Stay vigilant against phishing attacks
A criminal could send you a fake email that appears to come from your bank, asking you to "reactivate" your account, or a bogus invoice. If you follow the link, you may be asked to enter sensitive information that ends up with the attacker.
Fortunately, a little vigilance goes a long way. Don't open attachments from suspicious emails, never enter personal information into pop-up windows, and keep the phishing and malicious-site protection in your browser and email client turned on so pages are screened as you open them.
Don't Let Anyone Get in the Middle
Man-in-the-middle attacks can happen to anyone, but with a little caution you can thwart a criminal's attempt to steal sensitive information. You don't need to be a cybersecurity expert to stay safe online; learning the basic practices for staying on guard while you're online goes a long way toward keeping cybercriminals away.