Defense Against the Dark Arts – Protecting Yourself from Man-in-the-Middle Attacks
- July 27, 2023
- Posted by: admin
- Category: Blog
As much as we love using free Wi-Fi in public places like coffee shops or restaurants, cyber criminals may enjoy using these connections even more. It’s important to understand the risks and defenses against hackers when using Wi-Fi in these atmospheres, whether it’s messaging friends, making purchases, and especially working with any sensitive information. Hackers can exploit and view your actions in these scenarios through a Man-in-the-Middle (MITM) attack.
MITM explained
In this form of attack a hacker will position themselves in the middle of two points. When someone is sitting at a coffee shop and connects to free Wi-Fi there, their laptop, phone or similar device could be considered the first point and the Wi-Fi router as the second point.
The positioning of the bad actor can be obtained through a process called ARP Poison or Spoofing. This process is when the hacker tricks the router into thinking his device is the victim’s device. The hacker needs to be in the middle of the router and the user’s device, so the hacker then ARP poisons and tricks the victim’s device into thinking his device is the Wi-Fi router.
The hacker can now turn on IP Forwarding, allowing them to complete the connection from the victim’s device – through the hacker’s device – to the Wi-Fi router. IP forwarding allows the hacker to intercept files and pass them from the victim’s device to the Wi-Fi router. It is at this time that the hacker has established his device in the middle of the connection between the victim’s device and the Wi-Fi router. This allows for packets of information including files, messages, or information that is being sent to and from the victim’s device to be seen, utilized, and saved by the hacker.
Methods of Mayhem
There are many routes that a hacker can take to access your private data and steal your identity. Hackers can use a program like Wireshark or Driftnet to analyze the web traffic between the user’s device and the router. This can result in the theft of passwords, photos, work documentation and other information through a process called Packet Sniffing(whereby packet data flowing across the network is detected and observed).
A hacker could also attack a session by utilizing a similar process to packet sniffing called Sidejacking in which, during a user’s session, an attacker can utilize Cookies (which are usually unencrypted) that may have been sent to the user’s device after logging into a website or an account. This presents an opportunity for the hacker to download malware onto said user’s device or to gain access to the user’s private and personal accounts and passwords.
Public Wi-Fi and hotspots provide a great opportunity for a variety of other attacks including Evil Twin Attacks (i.e., fake Wireless Access Points that you may not realize are not the one’s owned by the business you are currently at), DNS Spoofing (where you get redirected to a different website than you were expecting, it might even look the same), and Shoulder Surfing (don’t turn around, someone is looking over your shoulder). Not only are these attacks able to be carried out in a public setting like a coffee shop or a hotel, but they can also just as easily be pulled off at your work or within your own home!
How to Check Yourself, Before You Wreck Yourself
There are measures identified that you could put in place to protect yourself against cyber criminals and MITM attacks including:
- Utilizing tools like a Virtual Private Network (VPN) can create an encrypted connection to your router that secures the data sent to you and from you.
- Realizing that while these attacks are more popular in public spaces, you can also be attacked on your own home Wi-Fi.
- Using strong and unique passwords is imperative to a safe network.
- Be careful about the logins that you use when using unknown or public Wi-Fi systems and always use Multi-Factor Authentication (MFA) when given the option.
- Only use HTTPS connections as this is the easiest way to determine if there is a level of encryption within the site that you are visiting.
- Ensure that your software, devices, and applications are all up to date with the latest patches, fixes and updates. Most companies work to make their products more secure to use as new attacks come out.
If you want to learn more about our Cyber Security solutions to help you mitigate your organization’s risk, see our Cybersecurity Services page or contact us here.
Leave a Reply
Contact us at the Consulting WP office nearest to you or submit a business inquiry online.
Todd is a recognized IAM and Cloud industry expert who brings over 20 years of experience in managing, advising, architecting, and deploying IGA, Authentication and Authorization, and Cloud solutions and services across IDaaS, SaaS, IaaS, and PaaS. Todd is a frequent speaker on effective risk and security practices at leading industry events. He is responsible for the oversight of CyberSolve’s business segments and for the development of strategic plans to sustain the company’s rapid growth while providing trusted advice to clients across the security and risk spectrum.
Atul has over 20 years of experience in managing, designing and implementing Customer Relationship Management (CRM) and Salesforce integrations. He has acted as a cloud-focused solutions expert in both domestic and international markets. Prior to founding CyberSolve, Atul was a Technical Consulting Director at Salesforce where he demonstrated his strong experience architecting financial services industry solutions. Atul holds a Bachelor of Engineering from Madan Mohan Malaviya University of Technology.
Shub possesses over 15 years of experience in the Identity and Access Management (IAM) industry in pre-Sales and technology architecture roles. Shubham has held various positions with SailPoint, RSA, Saviynt, and Okta. He has extensive Identity and Access Management industry technology and sales experience in both domestic and international markets as well strong knowledge of how Identity and Access Management satisfies Audit and IT compliance issues. Shub holds a 
Rajesh has served Multi-National Corporations and large organizations as a full time Vice President of Finance, Chief Financial Officer and in equivalent roles. In order to fulfill his duties as a CFO he is a Chartered Accountant, holds a Diploma in Information System Audit (DISA certified by the Institute of Chartered Accountants of India), is a Certified SAP Consultant, Certified QuickBooks Professional Advisor, and Zoho Partner with 30+ years of experience in managing Finance, Accounting and ERP Systems for Medium to Large organizations in diverse sectors.
John is an experienced IT executive with extensive business leadership, operations management, project management, technology delivery and consulting skills who spent over two decades with General Electric where he was responsible for all aspects of their Global PIM program, he was also a key member of the security assurance team for the organizations Capital business. John leads the delivery of client services across the business landscape, to include Privileged Access Management, Managed Services, Identity Governance & Administration, Cybersecurity and Cloud Services.
Luis has been facilitating IAM programs for 20+ years. He was the CRO at Clear Skye, which builds identity governance capabilities on the ServiceNow Platform. His prior experience with services companies that deliver real world identity solutions has made him a trusted resource for information security executives that he has the privilege of advising. Luis assists in the management of our global sales organization, driving revenue growth via direct sales, ensuring our customers have the best plan and solution to ensure their IAM investment achieves the lowest TCO while providing the highest ROI.
Amit brings over 15 years of Identity and Access Management (IAM) experience to the organization. He has a proven track record in providing customers with the best of breed Identity and Access Management solutions. He ensures success within all engagements by staying integrated with the customer throughout the engagement whether it is a program, project or managed services and support. Amit acts as a customer champion at all times to ensure the right solution and resources are in place to achieve the right requirements.
James leads the delivery of client services across the Identity, Access, and Authorization landscape. He has delivered projects across a wide range of products including Okta, Ping, ForgeRock, Oracle, Microsoft, Citrix, Imprivata, Radiant Logic, Axiomatics and many others. With the advent of modern cloud services, James has served as the internal cloud architect and administrator for almost 10 years and uses that experience to help users make the best use of it.
As a veteran of the Identity Governance and Administration (IGA) landscape, Tony’s career has spanned from being a hands-on Architect\Engineer on numerous industry-leading IGA solutions to building and managing industry-leading Professional Services delivery teams. Tony brings that vast knowledge to CyberSolve and the teams under his management. In recent years Tony has been instrumental in the migration away from the legacy on-prem Identity Governance & Administration solutions to modern cost-effective cloud products.
Clark is a Channels, Sales and Marketing executive with 40+ years of experience as a direct seller, Executive and Founder. His experience includes services, software and hardware sales to Commercial, Federal, and State/Local/Education entities across US Domestic and International markets. Within the IAM spectrum, Clark spent over 5 years as SailPoint’s Channel Manager, Federal & Healthcare markets. He has developed and managed Partner relationships and strategies globally, and is known for significantly growing the revenue of his partners by building trusted, profitable relationships and business strategies.