Threat of the month: February 2016

Man-in-the-middle attack

How does it work?

An attacker or eavesdropper can intercept the communication between your device and the site you are visiting, such as your bank. This attack can be used to alter the information being sent, or simply listen in to gather the data (credit cards, PII, etc.) being passed between the two.

Should I be worried?

If you frequently use public networks on campuses, at conferences and in coffee shops, you are more likely to be targeted. Many modern smartphone applications verify that the connection is secure before allowing any communication, often telling the user there is a network issue and protecting them automatically.

How can I prevent it?

Users can use a VPN on public networks (Wi-Fi, etc.) to ensure their device is on a trusted network the attacker can't access. Users should also always heed browser warnings and errors, such as red certificate indicators in the address bar. Companies should ship their products with TLS (SSL) pinning enabled by default to guarantee users are connecting to the appropriate site, regardless of the network.
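A sketch of what the pinning recommendation above looks like in a client, added here as an illustration and not taken from the original article. It pins the SHA-256 fingerprint of the whole certificate (many deployments pin the public key instead); the function names, pin set and sample "certificates" are constructed for this example.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins: set[str]) -> bool:
    """True only if the presented certificate's fingerprint is a shipped pin."""
    presented = fingerprint(der_cert)
    # compare_digest gives a constant-time comparison of the hex strings
    return any(hmac.compare_digest(presented, p.lower()) for p in pins)


def open_pinned(host: str, pins: set[str], port: int = 443) -> ssl.SSLSocket:
    """Connect with normal CA and hostname validation, then enforce the pin.

    Fails closed: on a mismatch the socket is closed and no data is sent,
    which the app can surface to the user as a network error.
    """
    ctx = ssl.create_default_context()  # CA chain and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    if not pin_matches(sock.getpeercert(binary_form=True), pins):
        sock.close()
        raise ssl.SSLError(f"certificate for {host} does not match any pin")
    return sock


# Constructed stand-ins for DER certificate bytes (not real certificates).
GENUINE_CERT = b"constructed-der-bytes-for-genuine-server"
BACKUP_CERT = b"constructed-der-bytes-for-backup-certificate"
INTERCEPTOR_CERT = b"constructed-der-bytes-issued-by-interception-proxy"

# Pins shipped inside the app: the current certificate plus a backup, so the
# server certificate can be rotated without locking out existing installs.
SHIPPED_PINS = {fingerprint(GENUINE_CERT), fingerprint(BACKUP_CERT)}

if __name__ == "__main__":
    for name, cert in [("genuine", GENUINE_CERT), ("backup", BACKUP_CERT),
                       ("interceptor", INTERCEPTOR_CERT)]:
        verdict = "accept" if pin_matches(cert, SHIPPED_PINS) else "reject"
        print(f"{name:12s} {verdict}")
```

The pin check runs in addition to standard certificate validation, so a certificate that chains to a trusted CA but is not the expected one is still rejected.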
