
Defense Against the Dark Arts – Protecting Yourself from Man-in-the-Middle Attacks

As much as we love using free Wi-Fi in public places like coffee shops or restaurants, cyber criminals may enjoy using these connections even more. It's important to understand the risks, and the defenses against hackers, when using Wi-Fi in these settings, whether you are messaging friends, making purchases, or, especially, working with any sensitive information. Hackers can intercept and view your actions in these scenarios through a Man-in-the-Middle (MITM) attack.


MITM explained

In this form of attack, a hacker positions themselves between two points. When someone sitting in a coffee shop connects to the free Wi-Fi there, their laptop, phone or similar device can be considered the first point and the Wi-Fi router the second.

The bad actor gets into that position through a process called ARP poisoning (also known as ARP spoofing). The hacker tricks the router into thinking that the hacker's device is the victim's device. Because the hacker needs to sit between the router and the user's device, the hacker also ARP poisons the victim's device, tricking it into thinking the hacker's device is the Wi-Fi router.

The hacker can now turn on IP forwarding, which completes the connection from the victim's device, through the hacker's device, to the Wi-Fi router. IP forwarding lets the hacker intercept traffic and pass it on between the victim's device and the Wi-Fi router, so the victim notices nothing. At this point the hacker's device is established in the middle of the connection between the victim's device and the Wi-Fi router, and packets of information sent to and from the victim's device, including files and messages, can be seen, used, and saved by the hacker.
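From the defender's side, the ARP poisoning described above leaves a visible trace: the router's IP address suddenly being answered for by a new hardware (MAC) address, and one MAC address claiming both the router's IP and a victim's IP. The following is an added example, not code from the original post, of a small detector that replays constructed ARP reply observations (the kind a passive listener on the Wi-Fi segment would record) and raises alerts on those two signs; the gateway address, hostnames and MAC values are all assumed sample values.

```python
# Added example: flag the two signatures of ARP poisoning in a stream of
# ARP replies. All addresses below are constructed sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    t: float          # seconds since the capture started
    sender_ip: str    # IP address the sender claims to own
    sender_mac: str   # hardware address carried in the ARP reply


GATEWAY_IP = "192.168.1.1"  # assumed router address on the sample network


def detect_arp_poisoning(replies, gateway_ip=GATEWAY_IP):
    """Return (time, reason) alerts for replies that look like ARP poisoning."""
    ip_to_mac = {}   # first MAC seen for each IP; treated as the trusted baseline
    mac_to_ips = {}  # every IP each MAC has claimed so far
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        baseline = ip_to_mac.setdefault(r.sender_ip, mac)
        if baseline != mac:
            # Sign 1: an IP we already know is now advertised by a different MAC.
            reason = f"{r.sender_ip} changed from {baseline} to {mac}"
            if r.sender_ip == gateway_ip:
                reason = "gateway " + reason
            alerts.append((r.t, reason))
        claimed = mac_to_ips.setdefault(mac, set())
        grew = r.sender_ip not in claimed
        claimed.add(r.sender_ip)
        # Sign 2: one MAC claims the router's IP and another host's IP.
        # Note: a router that legitimately owns several IPs would need an
        # allowlist here; the sample network has none.
        if grew and gateway_ip in claimed and len(claimed) > 1:
            others = sorted(claimed - {gateway_ip})
            alerts.append((r.t, f"{mac} claims gateway {gateway_ip} and {others}"))
    return alerts


# Constructed capture: the router and a victim laptop answer normally, then a
# third device starts claiming both the router's and the victim's IP.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # router
    ArpReply(0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),  # victim laptop
    ArpReply(1.0, "192.168.1.30", "aa:bb:cc:00:00:30"),  # third device, own IP
    ArpReply(2.0, "192.168.1.1", "aa:bb:cc:00:00:30"),   # claims the router's IP
    ArpReply(2.1, "192.168.1.20", "aa:bb:cc:00:00:30"),  # claims the victim's IP
]

if __name__ == "__main__":
    for t, reason in detect_arp_poisoning(SAMPLE_REPLIES):
        print(f"t={t:.1f}s  {reason}")
```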

Methods of Mayhem

There are many routes a hacker can take to access your private data and steal your identity. Hackers can use a program like Wireshark or Driftnet to analyze the web traffic between the user's device and the router. This can result in the theft of passwords, photos, work documents and other information through a process called packet sniffing, whereby packet data flowing across the network is captured and observed.

A hacker could also attack a session using a process similar to packet sniffing called sidejacking. During a user's session, an attacker can make use of cookies (which are usually unencrypted) that were sent to the user's device after logging into a website or an account. This gives the hacker an opportunity to download malware onto the user's device or to gain access to the user's private and personal accounts and passwords.

Public Wi-Fi and hotspots also provide a great opportunity for a variety of other attacks, including Evil Twin attacks (fake wireless access points that you may not realize are not the ones owned by the business you are visiting), DNS spoofing (where you get redirected to a different website than the one you expected; it might even look the same), and shoulder surfing (don't turn around, someone is looking over your shoulder). Not only can these attacks be carried out in a public setting like a coffee shop or a hotel, they can just as easily be pulled off at your workplace or within your own home!

How to Check Yourself, Before You Wreck Yourself

There are measures you can put in place to protect yourself against cyber criminals and MITM attacks, including:

  1. Use a Virtual Private Network (VPN). A VPN creates an encrypted connection to your router that secures the data sent to and from you.

  2. Remember that while these attacks are more common in public spaces, you can also be attacked on your own home Wi-Fi.

  3. Use strong and unique passwords; they are imperative to a safe network.

  4. Be careful about the logins you use on unknown or public Wi-Fi systems, and always use Multi-Factor Authentication (MFA) when given the option.

  5. Only use HTTPS connections, as this is the easiest way to tell whether the site you are visiting encrypts your traffic.

  6. Ensure that your software, devices, and applications are all up to date with the latest patches, fixes and updates. Most companies work to make their products more secure as new attacks come out.

If you want to learn more about our Cyber Security solutions to help you mitigate your organization’s risk, see our Cybersecurity Services page or contact us here.
