What is a Man in the Middle Attack?

Earlier this month, an app called AirDroid made the headlines for all the wrong reasons when a security company discovered that its users were vulnerable to Man in the Middle attack (MITM) attacks. The app, which allows people with Samsung, Sony, and other Android-based devices to link their phone on a PC over the internet, apparently had insufficient security to protect its users, thus exposing millions of people to potential data theft.

But what is a man-in-the-middle attack – and how can Android fans avoid them?

Personal Details
One of the more sophisticated threats, a Man in the Middle attack is a kind of digital eavesdropping in which a criminal hijacks communication between the user and a third party (in this case, AirDroid) to trick them into revealing personal details or routing money to a fraudster’s bank account. The attack is sometimes associated with cyber warfare.

However, one of the more heinous examples involves property. If a hacker can insert themselves into an email exchange between a solicitor and a home buyer, they can steal hundreds of thousands of dollars without arousing much suspicion, simply by asking the customer to send over the normal fees. To make the trick believable, fraudsters will often monitor conversations for some time before interjecting.

In the case of AirDroid, the app relied heavily on weak password encryption and unencrypted HTTP in data transfers, meaning that the potential existed for hackers to access a user’s text messages and contacts, and make payments in apps. The company has since fixed the flaw, deploying an update on December 9 and upgrading the app to HTTPS security.

There have been no reports of anybody taking advantage of AirDroid’s temporary weakness, even though the vulnerability was there in the app’s code for several months.


Wi-Fi Networks
So how can users keep themselves safe from this kind of security concern?

The fact that MITM attacks require competence at hacking means that they’re not as common a threat as malware. However, web users relaying sensitive information to a contact still ought to be aware of the possibility that their connection might be vulnerable to interlopers. Fortunately, some of the most effective defenses are common sense browsing habits.

To protect your data, don’t make transactions or send bank details to anybody while on a public or otherwise unsecure Wi-Fi network. Keep an eye out for SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption – the green padlock next to a browser’s address bar – and log out of social networks and banking sites after each session.

Returning to the previous example about solicitors and email exchanges, a key sign of a MITM-type attack is a sudden change in the bank account number that a buyer is supposed to send their money to. Obviously, there can be legitimate reasons for a change in arrangements – even a last minute one – but don’t be afraid to confirm any unusual developments with the solicitor either in person or over the phone. Many victims of MITM attacks don’t know they’ve been duped until the intended recipient of a cash sum declares it missing.

The slightly awkward thing about MITM attacks is that app developers and website owners have a part to play in protecting people (SSL/TLS is a decision individual to each website, even if it is considered best practice for any site that handles sensitive information) but web users are still far from helpless in the face of criminals.

About Author