What is a Man-in-the-Middle attack? - The Happy Android

Cyber attacks are common on the internet, so at every moment we are at risk of losing our information. One of the most widely used methods today is the Man-in-the-Middle attack, which seeks to interfere with the communication between two or more devices and thereby obtain the data being transmitted. However, with a few recommendations you can browse without fear of becoming a victim of hackers.

What is a Man-in-the-Middle attack?

Every second we spend browsing the network, we are at risk of a cyber attack. Among the best known, and a cause for alarm, is the Man-in-the-Middle attack, also known as MitM. It consists of a person or software interfering in the communication between computers or devices, which allows a third party to access the information that is transmitted. The idea of this attack is to divert the data and control it.

The advancement of technology has also allowed risks on the Internet to evolve. Previously, the hacker had to manipulate the physical channel to intercept the communication. This is no longer necessary. Shared networks make it easier for a third party to perform the MitM attack. Through this, the attacker seeks to override security protocols in order to access the encrypted information of the communicating devices. In general, these attacks are usually aimed at online transactions where money is involved.

Types of Man-in-the-Middle attacks

The risk of suffering a MitM attack is present at all times. In reality, there is no single way to disrupt data communication. The hacker does not leave everything to chance; he studies the victim in order to apply the most appropriate method and deceive them. Types of Man-in-the-Middle attacks include:

  • DHCP server based attacks: DHCP dynamically assigns an IP address and all its settings. If a fake DHCP server is created, it takes over control of local IP address allocation. With this, the attacker can divert and manipulate traffic, because the fake server can set the gateways and DNS servers in the attacker's favor.

  • ARP cache poisoning: ARP, the Address Resolution Protocol, resolves the IP addresses of a LAN into MAC addresses. As soon as the protocol starts working, the IP and MAC addresses of the requesting machine are sent, as well as the IP of the requested machine. Finally, the information is stored in the ARP cache. To gain access to this data, the hacker creates a fake ARP entry. This associates the attacker's MAC address with an IP address on the network, so the attacker receives all the information that is transmitted.

  • DNS server based attacks: DNS, the Domain Name System, is in charge of translating domain names to IP addresses and storing them in a cache to remember them. The attacker's idea is to manipulate the information in this cache, changing what the domain names resolve to and redirecting the user to a different site.

Decryption types in a MitM

Once the communication has been intercepted, the data obtained must be decrypted. In Man-in-the-Middle attacks, attackers typically use four ways to access information:

  • HTTPS spoofing: HTTPS is a protocol that ensures the website you visit keeps your data safe. But a hacker has the ability to break this security by installing a fake root security certificate. The browser is fooled into believing that the site is secure and allows access to the encryption key. With this, the attacker can obtain all the decrypted information and return it to the user without the user noticing that they were compromised.

  • BEAST in SSL: this is known as a browser vulnerability in SSL/TLS. SSL and TLS are two other security protocols that seek to protect user information. In this case, the hacker takes advantage of weaknesses in block encryption to divert and decrypt the data sent between the browser and the web server. In this way, the attacker learns the victim's internet traffic.

  • SSL hijacking: When a website is visited, the browser first makes a connection over HTTP and then moves to HTTPS. This allows a security certificate to be provided, ensuring that the user browses safely. If an attacker is present, the attacker diverts the traffic to their own device before the HTTPS connection is established. This way the attacker can access the victim's information.

  • SSL stripping: The attacker uses an ARP cache poisoning MitM attack. Through this, the attacker gets the user to enter an HTTP version of the site. With this, the attacker has access to all the decrypted data.

Avoid a Man-in-the-Middle attack

Man-in-the-Middle attacks pose a great risk to user information on the network. Therefore, it is always necessary to be alert and take steps to reduce the likelihood of an attack. The best recommendation is to use a VPN, which encrypts your connection. Also, do not forget to verify that once you enter a site it stays on HTTPS. If it switches to HTTP, you may be at risk of attack.

As for this protocol, if a website works only over HTTP, try not to enter it, since it is not considered secure. Also, stay up to date with all updates. Security methods are renewed every day to protect user information. Don't forget to verify that the emails you receive come from secure addresses. By applying these recommendations you will reduce the risks.
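
The advice to check that a site stays on HTTPS can be automated by auditing a redirect chain for the downgrade that SSL stripping and SSL hijacking rely on. This Python is an added example, not from the original article: the chains and `.example` hostnames are constructed, the function names are hypothetical, and the HSTS (`Strict-Transport-Security`) check goes beyond what the article names.

```python
from urllib.parse import urlsplit

# Constructed redirect chains: (requested URL, status code, response headers).
# Hostnames use the reserved .example TLD; nothing here is captured traffic.
GOOD_CHAIN = [
    ("http://shop.example/", 301, {"Location": "https://shop.example/"}),
    ("https://shop.example/", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]
STRIPPED_CHAIN = [
    ("https://shop.example/login", 302, {"Location": "http://shop.example/login"}),
    ("http://shop.example/login", 200, {}),
]

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if the header is absent or invalid."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), "")
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            return int(arg.strip('"'))
    return 0

def audit_chain(chain):
    """Flag a hop that leaves HTTPS, a final page on HTTP, or HTTPS without HSTS."""
    issues = []
    schemes = [urlsplit(url).scheme for url, _, _ in chain]
    for i in range(1, len(schemes)):
        if schemes[i - 1] == "https" and schemes[i] == "http":
            issues.append(f"downgrade: {chain[i - 1][0]} -> {chain[i][0]}")
    final_url, _, final_headers = chain[-1]
    if schemes[-1] != "https":
        issues.append(f"final page served over plain HTTP: {final_url}")
    elif hsts_max_age(final_headers) == 0:
        # Without HSTS the browser may start with HTTP on the next visit too.
        issues.append("HTTPS page sets no HSTS policy; first request can still be HTTP")
    return issues

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("stripped", STRIPPED_CHAIN)):
        print(name, audit_chain(chain))
```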
