Wednesday 12 March, 2014
Just the other day an update for Apple’s iOS 7.0.6 was released which patched up a vulnerability that allowed the easiest kind of attack in a hacker’s toolbox – the Man in the Middle attack, also known as MITM, Janus attack or fire brigade attack.
In an MITM attack, the hacker is basically intercepting your communications with another computer and eavesdropping. When two people are communicating online (or your computer is communicating with a server), they can listen in.
How MITM Attacks Happen
The way this is done is by tricking the server or client. The hacker tricks the client into thinking it’s talking to the server, or vice versa. The hacker has their own public key that they use to intercept communications. This is usually done through ARP spoofing. The hacker sends a fake Address Resolution Protocol message to a Local Area Network. Once they gain access, they can monitor and block communications.
An MITM attack may be carried out just to gain information. A hacker can spy on you and intercept personal details, financial information, passwords and other sensitive data about you.
The hacker can also alter the messages. They could reply to you instead of the server. Essentially, the attacker is in control of the conversation. MITM attacks could be used successfully in espionage in this way.
How to Prevent Man in the Middle Attacks
MITM attacks are some of the easiest for hackers to carry out but also some of the most preventable. One way to protect yourself in the case of an attack is to never use a public Wi-Fi network. It’s really easy for a hacker to gain access to a public library, café, airport or other network. However, keep in mind that MITM attacks can also be carried out on regular networks as well.
Good encryption is one way to prevent attacks. Use an encrypted network like HTTPS or a virtual private network. It’s impossible for a hacker to gain entry to these networks because of their encryption. This is why ecommerce stores and financial institutions use them.
Hackers carry out MITM attacks by fooling the computer with a false identity. Using SSL and other certificates is a good way to prevent this. The more ways you can verify who you are communicating with, the better. Make sure you see the green indicator in the address bar. There are many verification tokens, secret keys and passwords you can use to verify that you’re communicating with the right person.
As always, be careful with links in emails and online, especially download links. If you click on the wrong link, you could be handing over access to your computer and network straight to a hacker.
The vulnerability in its new operating system was a big embarrassment for Apple because it’s such a basic, easy kind of attack. But we forgive Apple because that’s what we do, no matter how they screw up. Your business or personal network won’t get by so easily so take the necessary measures.