What Are Man-in-the-Middle Attacks?

A man-in-the-middle attack occurs when an attacker eavesdrops on communication between two parties who believe that they are communicating exclusively with one another. In addition to simply observing the conversation, the “man-in-the-middle” (MITM) can modify the messages being sent - more specifically, by intercepting and terminating the original message and sending a new one in its place. Most often, these attacks are carried out to steal personal information, to gain financially by compromising your credit card or bank account, or to spy on the victim. While such attacks are preventable with proper caution, they are dangerous because they are difficult to detect.

How do MITM attacks work?

In order to work, man-in-the-middle attacks require three individuals or entities - the person who has been compromised, the person or entity with whom they are trying to communicate, and the undetected attacker intercepting that communication.

The majority of MITM attacks occur through the attacker’s proximity to an unsecured or poorly secured Wi-Fi router, including most public Wi-Fi. Through your internet connection, the attacker is then able to observe or alter whatever you do while connected to that compromised router. This can include stealing personal or financial information as well as redirecting your traffic to a phishing website that installs malware on your computer, allowing the attacker to continue to eavesdrop on your activity even after you disconnect from the unsecured router. For this reason, it is important to avoid using public Wi-Fi without a VPN whenever possible, but particularly when visiting websites that handle private information, such as your bank account.

Malware installed via phishing is the other major tool that attackers use to execute MITM attacks. Say that you receive an email that appears to be from your bank, asking you to log in to your account to verify a piece of information. The man in the middle, the real sender of that email, is able to steal your login information, gain access to your bank account, and observe communication between you and your bank. If you then attempt to make an account transfer, the attacker will be able to alter that communication before it reaches your bank, without your knowledge, replacing the destination account number with their own. Similarly, the man in the middle may send a prompt to update an app, and the "download" button will actually install malware instead of an update. The attacker can use this malware to obtain your personal information and possibly steal your identity.

While MITM attacks have existed since the 1980s, the attacks have grown more sophisticated and more difficult to detect over time. Now, there are even commercially available products that can be used to execute these attacks. The Hak5 Pineapple is an example of one of these products; while it is marketed as a highly effective penetration testing technology that can highlight a router’s vulnerability, it is often used by hackers to actually perform MITM attacks instead of helping companies make their products more secure. The existence of legal technology that can be used to execute nearly undetectable attacks makes it all the more important for everyone to be cautious and limit their risk of becoming a victim.

How can you protect yourself against man-in-the-middle attacks?

  • Avoid public Wi-Fi whenever possible. Unsecured, public Wi-Fi is the easiest way for attackers to compromise your connection, and this is how the majority of MITM attacks occur.

  • Ensure that your Wi-Fi at home is secured and protected by a strong password. Attackers can often compromise Wi-Fi routers that are protected only by a weak password.

  • Check that all websites you visit use HTTPS (as opposed to http://). The “S” stands for secure, and this means that the connection between your computer and the server is encrypted. This makes it far more difficult for attackers to compromise your privacy.

  • Beware of potential phishing. If you receive an email from your bank, credit card company, or another sensitive account, manually type in the URL instead of clicking the link provided in the email. Some attackers send phishing emails that look identical to real communication related to sensitive accounts, so avoiding links is a good idea even if emails appear to be legitimate.

  • Use a VPN. Along with all the other reasons why you should be using a VPN, a VPN makes it much harder for attackers to intercept your online communication. Even if your Wi-Fi connection is secure, a VPN adds an extra layer of protection against attacks by preventing you from directly connecting to any Wi-Fi routers. We suggest you check out FreePN - a 100% private, open source, unlimited bandwidth VPN that is totally free to download and use!
