Tag Archives: Man-In-the-Middle Attacks

What Are Man-in-the-Middle Attacks and How Can I Protect Myself From Them?


By Vic Hargrave

In my October 23 blog, I mentioned that iOS 4.3.4 was susceptible to a man-in-the-middle attack that was later corrected in iOS 4.3.5. These attacks are frequently mentioned in the security literature, but many of you may still be wondering what they are exactly and how they work. With this article, I’ll explain what man-in-the-middle attacks are and how you can avoid falling prey to them.

How the Attack Works

To see how man-in-the-middle attacks work, consider the illustration below. Network traffic normally travels directly between two computers that communicate with each other over the Internet, in this case the computers belonging to User 1 and User 2.

The man-in-the-middle attack uses a technique called ARP spoofing to trick User 1’s computer into thinking that it is communicating with User 2’s computer and User 2’s computer into thinking that it is communicating with User 1’s computer. This causes network traffic between the two computers to flow through the attacker’s system, which enables the attacker to inspect all the data that is sent between the victims, including user names, passwords, credit card numbers, and any other information of interest.

Man-in-the-middle attacks can be particularly effective at cafes and libraries that offer their patrons Wi-Fi access to the Internet. In open networking environments such as these, you are directly exposed to computers over unencrypted networks, where your network traffic can be readily snatched.
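Because ARP spoofing works by answering ARP queries with the attacker's own hardware address, the traces it leaves on the wire are (a) one IP address suddenly announced by a second MAC and (b) one MAC answering for several IPs. The script below is an added example, not part of the original post, that shows how a defender can spot both indicators in tcpdump-style ARP output. The log lines are constructed for illustration; the `known_hosts` parameter, the `Alert` class and the helper names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in tcpdump's ARP output style (not captured from a real
# network). The gateway 192.168.1.1 is first announced by one MAC; later a
# second MAC claims both the gateway's and the client's IP, which is the
# signature of an ARP spoofing man-in-the-middle.
SAMPLE_ARP_LOG = """\
12:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
12:00:01.000200 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:05.000000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
12:00:09.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28
12:00:09.000100 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28
12:00:12.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
"""

# Only ARP replies carry an IP-to-MAC claim, so requests are ignored.
REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


@dataclass
class Alert:
    timestamp: str
    ip: str
    expected_mac: str
    observed_mac: str


def parse_arp_replies(log_text):
    """Yield (timestamp, ip, mac) for every ARP reply line in the log."""
    for line in log_text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_spoofing(log_text, known_hosts=None):
    """Flag replies in which an IP is announced by a MAC other than the one
    already recorded for it. known_hosts (assumed input: {ip: mac}) seeds the
    table with mappings the administrator trusts, e.g. the gateway; any IP not
    seeded is learned from its first reply (trust-on-first-use)."""
    table = {ip: mac.lower() for ip, mac in (known_hosts or {}).items()}
    alerts = []
    for ts, ip, mac in parse_arp_replies(log_text):
        expected = table.get(ip)
        if expected is None:
            table[ip] = mac
        elif expected != mac:
            # Do not overwrite the trusted entry: a spoofer must not be able
            # to "teach" the detector its own address.
            alerts.append(Alert(ts, ip, expected, mac))
    return alerts


def macs_claiming_multiple_ips(log_text):
    """Second indicator: a MAC that answers for more than one IP. A host
    poisoning both victims' caches has to claim both of their addresses."""
    claimed = {}
    for _, ip, mac in parse_arp_replies(log_text):
        claimed.setdefault(mac, set()).add(ip)
    return {mac: ips for mac, ips in claimed.items() if len(ips) > 1}


if __name__ == "__main__":
    gateway = {"192.168.1.1": "00:11:22:33:44:01"}  # constructed trusted entry
    for a in detect_arp_spoofing(SAMPLE_ARP_LOG, known_hosts=gateway):
        print(f"{a.timestamp} {a.ip}: expected {a.expected_mac}, saw {a.observed_mac}")
    for mac, ips in macs_claiming_multiple_ips(SAMPLE_ARP_LOG).items():
        print(f"{mac} answered for {sorted(ips)}")
```

On the sample log the detector raises two alerts, both at 12:00:09, and reports `de:ad:be:ef:00:99` as answering for two IPs; the later legitimate reply from the real gateway is not an alert because the trusted entry was never overwritten. On a real network the same logic can be fed from `tcpdump -n arp` output, and static ARP entries or switch-side dynamic ARP inspection remove the attack surface that this detector only observes.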

How to Avoid Being Attacked

In practice, ARP spoofing is difficult to prevent with the conventional security tools that come with your PC or Mac. However, you can make it difficult for people to view your network traffic by using encrypted network connections provided by HTTPS or VPN (virtual private network) technology.

HTTPS uses the secure sockets layer (SSL) capability in your browser to mask your web-based network traffic from prying eyes. VPN client software works in a similar fashion – some VPNs also use SSL – but you must connect to a VPN access point like your company network, if it supports VPN. To decrypt HTTPS and VPN traffic, a man-in-the-middle attacker would have to obtain the keys used to encrypt the network traffic, which is difficult but not impossible to do.

When communicating over HTTPS, your web browser uses certificates to verify the identity of the servers you are connecting to. These certificates are verified by reputable third party authority companies like VeriSign.

If your browser does not recognize the authority of the certificate sent from a particular server, it will display a message indicating that the server’s certificate is not trusted, which means it may be coming from a man-in-the-middle attacker. In this situation you should not proceed with the HTTPS session, unless you already know that the server can be trusted – like when you or the company you work for set up the server for employees only.
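The browser warning described above is the certificate check doing its job; software that talks HTTPS without a browser has to make the same check itself, and it is commonly switched off "to make the error go away", which is exactly the position the attacker wants. The following added example (not code from the original post) uses Python's standard `ssl` module to put the verifying configuration next to the weak one and to perform a verified handshake; the helper names are this example's own.

```python
import socket
import ssl


def strict_tls_context():
    """Verify the server's certificate chain against the operating system's
    trust store and require that the certificate name matches the host.
    These are already the defaults of create_default_context(); they are set
    explicitly here so the policy is visible in code review."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def insecure_tls_context():
    """The weak setting: traffic is still encrypted, but any certificate is
    accepted, including a self-signed one presented by an interceptor, so
    this context offers no protection against a man-in-the-middle."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def resists_interception(ctx):
    """True only when ctx would refuse an untrusted or mismatched certificate,
    i.e. when it behaves like the browser warning described in the post."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def fetch_server_identity(hostname, port=443, ctx=None, timeout=10):
    """Complete a verified TLS handshake and return who the server proved to be.
    With the strict context an untrusted chain raises ssl.SSLCertVerificationError
    and a wrong name raises the same error, which is the programmatic equivalent
    of 'do not proceed'. With the insecure context Python returns an empty
    certificate dict because nothing was validated, so the function returns None."""
    ctx = ctx or strict_tls_context()
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    if not cert:
        return None
    # getpeercert() returns subject/issuer as tuples of one-element RDN tuples.
    return {
        "subject": dict(rdn[0] for rdn in cert["subject"]),
        "issuer": dict(rdn[0] for rdn in cert["issuer"]),
        "not_after": cert["notAfter"],
    }


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    try:
        print(fetch_server_identity(host))
    except ssl.SSLCertVerificationError as exc:
        print(f"refusing to talk to {host}: {exc}")
```

Run against a host whose certificate chains to a trusted authority, the script prints the subject and issuer; run through an interception proxy that substitutes its own certificate, the strict context raises before any application data is sent. The only legitimate way around that error is to add the specific certificate (or the private CA that issued it) to the trust store with `ctx.load_verify_locations(...)`, which keeps verification on, rather than lowering `verify_mode`.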

If you want to dive into the technical details and learn more about the tools used to carry out a man-in-middle attack, I recommend watching the YouTube video – Man In The Middle Attack – Ethical Hacking Example created by the InfoSec Institute.

In the meantime, use HTTPS and VPN in public networks and stay away from web servers you don’t trust.

I work for Trend Micro and the opinions expressed here are my own.

For more tips and advice regarding Internet, mobile security and more, just “Like” Trend Micro Fearless Web Facebook page!

Bram Bonné: Your Smartphone is Leaking Your Information

Bram Bonné is a PhD student in computer science at the Expertise Centre for Digital Media at Hasselt University, where he specializes in computer security and privacy. During his PhD, he developed an interest in privacy-sensitive information leaking from smartphones and laptops. Bonné summarizes the basic Wi-Fi technology hackers exploit for “man-in-the-middle” attacks. He explains how your personal information is available to anyone tracking Wi-Fi traffic and some steps you can take to make this type of attack more difficult.