As part of cybersecurity awareness month we want to make sure you (the end user) understand the various threats attacking the thing that is more or less attached to you for most of the day – your mobile device. This week, we’ll focus on man-in-the-middle attacks.

What is a man-in-the-middle attack?

A man-in-the-middle attack occurs when the communication between two systems is intercepted by a third party, aka a Man-in-the-Middle. This can happen in any form of online communication, such as email, web browsing, social media, etc.

The man-in-the-middle can use a public Wi-Fi connection to listen in on your conversation, or to inject data into your connection in order to gain access to the browser or app that is trying to move data, or even to compromise the entire device. Once they gain access to the device, the damage they can do is endless: steal credentials, transfer data files, install malware, or even spy on the user.

What are the symptoms?

A few warning signs that you’re at risk of a man-in-the-middle attack include:

  • Open / public Wi-Fi networks
  • Suspicious SSIDs (Wi-Fi network names) that don’t look right
  • Evil Twin Wi-Fi networks, e.g. StarbucksFreeWiFi and StarbucksWiFiJoin in the same location – one might be fake
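The warning signs above can be checked mechanically against a list of nearby networks. The following is an added example, not part of the original article: the scan record format (ssid, security), the list of generic words and the sample scan are all constructed assumptions, and the look-alike test is a simple heuristic rather than proof that a network is fake.

```python
import re
from collections import defaultdict

# Words that say nothing about who runs a network (assumed list, extend as needed).
GENERIC = {"free", "wi", "fi", "wifi", "guest", "public", "join", "net", "hotspot"}


def brand_key(ssid):
    """Reduce an SSID to its distinguishing words: 'StarbucksFreeWiFi' -> ('starbucks',)."""
    words = re.findall(r"[A-Z]?[a-z]+|[A-Z]+|\d+", ssid)
    return tuple(sorted({w.lower() for w in words} - GENERIC))


def assess(scan):
    """Return {ssid: [warnings]} for each scanned network that shows a warning sign."""
    warnings = defaultdict(list)
    by_brand = defaultdict(set)
    for net in scan:
        if net["security"] == "open":
            warnings[net["ssid"]].append("open network (no Wi-Fi encryption)")
        key = brand_key(net["ssid"])
        if key:  # names made only of generic words cannot be grouped by brand
            by_brand[key].add(net["ssid"])
    # Different SSIDs that reduce to the same brand words look alike to a user.
    for ssids in by_brand.values():
        if len(ssids) > 1:
            for ssid in sorted(ssids):
                others = ", ".join(sorted(ssids - {ssid}))
                warnings[ssid].append(f"look-alike of {others}: one may be an evil twin")
    return dict(warnings)


# Constructed scan of one location; field names and values are assumptions.
SAMPLE_SCAN = [
    {"ssid": "StarbucksFreeWiFi", "security": "open"},
    {"ssid": "StarbucksWiFiJoin", "security": "open"},
    {"ssid": "AirportGuest", "security": "open"},
    {"ssid": "HomeNet-5G", "security": "WPA2"},
]

if __name__ == "__main__":
    for ssid, notes in assess(SAMPLE_SCAN).items():
        for note in notes:
            print(f"{ssid}: {note}")
```

A flagged look-alike pair only tells you to verify the correct network name with the venue before connecting.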

Once your connection has been intercepted, a hacker can use it to inject various things into your device. Here are some signs your connection has already been intercepted:

  • Popups or captive portal pages asking for credentials
  • Login pages appear that don’t look legitimate
  • Fake software update popups
  • Certificate error messages

What are the causes?

  • Sniffing – hackers use packet capture tools or a wireless monitoring device (which is available on Amazon for less than $100) to inspect packets, including packets that are addressed to other hosts.
  • Packet injection – the hacker can then also use the monitoring device to inject malicious packets into data communication streams, disguising them as part of the communication.
  • Session hijacking – if a hacker cannot view your password, they can still take over an existing session to online services such as social networking accounts.
  • SSL stripping – hackers intercept packets and alter their HTTPS-based address requests so that they go to the HTTP version of the requested site.

What’s the treatment?

So you’ve got a man-in-the-middle snooping on your connection, what now?

  • Switch off Wi-Fi and use a cellular connection instead
  • Switch your connection to your corporate VPN if you have one available
  • Remove from the trusted list any root CAs that do not belong to websites that you routinely visit
  • Watch out for warnings of identity theft and put a fraud alert on your credit account.

Prevention

Since man-in-the-middle attacks are so difficult to detect, the best remediation is prevention. Stay safe from man-in-the-middle attacks by following this guidance:

  • Change the configuration settings so your devices don’t automatically connect to Wi-Fi by default
  • Check for encryption – you can tell if a website is encrypted by looking for the https and lock symbol at the beginning of the URL
  • Don’t do any banking or enter any account login credentials while connected to public Wi-Fi
  • If you must connect to an open Wi-Fi network, have your device ‘forget’ the network so it doesn’t automatically connect
  • Regularly check your trusted list for root CAs you don’t recognize
  • If you need to do online banking in a public place, switch your phone’s Wi-Fi off and use a cellular connection instead
  • Use a VPN when available

No matter how hard you try to educate yourself and your team, it’s inevitable that some attempts will slip through the net. To stay ahead of the attacker it’s imperative to have a security solution in place which is able to intercept traffic to phishing sites, stopping the threat at its source. For more information, get in contact with one of our mobility experts today.
