Man in the middle attacks in Mobile Devices 

Mobile security has been a weak link in organizations' defenses against cyber attacks ever since mobile devices were first connected to the internet. The impact has been brutal not only for organizations but also for non-technical mobile users, owing to a lack of awareness and the severity of the attacks. The man-in-the-middle attack is one of the most exploited ways hackers have tried, and managed, to steal information and money.

CSO Online stated in a 2019 report:

“Nearly a quarter of devices have connected to open and potentially insecure Wi-Fi networks, and 4% of devices have encountered a man-in-the-middle attack — in which someone maliciously intercepts communication between two parties — within the most recent month.” 

Man in the middle attack and its types 

A man-in-the-middle attack is not a single-player attack: it requires three players. Communicator 1 is the entity sending the information; communicator 2 is the entity with which communicator 1 is trying to communicate; and the “man in the middle” is the one intercepting the victim’s communications. The darkest part of this attack is that neither communicator is aware of the man in the middle.

  • IP spoofing 

A device on a network is identified by its unique Internet Protocol (IP) address, much as a street address is used to locate a place. By spoofing an IP address, an attacker disguises himself as an application by altering the IP address in packet headers. As a result, users attempting to access a URL connected to the application are sent to the attacker’s website and end up compromising their valuable data.

  • DNS spoofing/ DNS Cache poisoning 

Domain Name Server, or DNS, spoofing is a technique that directs a user to a duplicate website created by the attacker rather than the real one the user intended to visit. The user is under the impression of visiting a safe, trusted website when they are actually interacting with a fraudster. The attacker’s aim is to divert traffic from the real site or capture user login credentials.

  • ARP spoofing

ARP spoofing is the process where unauthorized ARP messages prepared by an attacker are used to link an attacker’s MAC address with the IP address of a legitimate user on a local area network. As a result, data sent by the user to the host IP address is instead transmitted to the attacker. 
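The rebinding described above is visible to a defender as a change in the IP-to-MAC table. The following is an added example, not part of the original article: it scans constructed ARP sightings and flags an IP that moves to a new MAC and a MAC that starts answering for several IPs. The function name, sample addresses and severity labels are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp, ip, mac) sightings, e.g. from periodic snapshots
# of a host's ARP cache. Every address here is made up for illustration.
OBSERVATIONS = [
    (100, "192.168.1.1", "aa:aa:aa:aa:aa:01"),   # default gateway
    (100, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (100, "192.168.1.66", "de:ad:be:ef:00:66"),
    (160, "192.168.1.1", "DE:AD:BE:EF:00:66"),   # gateway now maps to .66's MAC
    (160, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (160, "192.168.1.66", "de:ad:be:ef:00:66"),
]


def find_arp_anomalies(observations, gateway_ip):
    """Return (timestamp, severity, message) alerts for suspicious ARP bindings."""
    alerts = []
    last_mac = {}                    # ip -> MAC most recently seen for it
    ips_by_mac = defaultdict(set)    # mac -> IPs currently bound to it
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()            # MAC addresses compare case-insensitively
        previous = last_mac.get(ip)
        if previous is not None and previous != mac:
            # An IP changing MAC is what a forged ARP reply produces; address
            # reassignment can also cause it, so only the gateway is critical.
            severity = "critical" if ip == gateway_ip else "warning"
            alerts.append((ts, severity, f"{ip} moved from {previous} to {mac}"))
            ips_by_mac[previous].discard(ip)
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                # One MAC answering for several IPs matches interception,
                # though multi-homed hosts and proxy ARP look the same.
                claimed = ", ".join(sorted(ips_by_mac[mac]))
                alerts.append((ts, "warning", f"{mac} answers for {claimed}"))
        last_mac[ip] = mac
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(OBSERVATIONS, gateway_ip="192.168.1.1"):
        print(alert)
```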

  • HTTPS spoofing 

It is now well known to internet users that, when opening a webpage, seeing “HTTPS” rather than “HTTP” in the URL in the address bar is a sign that the website is secure and can be trusted; the “S” stands for “secure.”

An attacker deceives the browser into believing that it is visiting a trusted website. By redirecting the browser to an unsecure website, the attacker can monitor your interactions with that website and possibly steal personal information that you are sharing. This usually results in bank fraud and identity theft.

  • SSL hijacking 

SSL stands for Secure Sockets Layer, a protocol that establishes encrypted links between your browser and the web server. In an SSL hijacking, during a TCP handshake being performed on a network, an attacker passes forged authentication keys to both the user and application. This sets up what appears to be a secure connection when, in fact, the man in the middle controls the entire session. 

  • Wi-Fi eavesdropping 

A very easy pathway to get control of a mobile device is through insecure Wi-Fi. Cybercriminals either set up Wi-Fi connections with very legitimate-sounding names or eavesdrop on public Wi-Fi that has no security. Once a user connects to the Wi-Fi, the attacker can monitor the user’s online activity and gain access to login credentials, payment card information, and more. Connecting to unsecured Wi-Fi carries multiple risks.

  • Stealing browser cookies 

A browser cookie is a small piece of information a website stores on your computer. Cookies are created during the user’s browsing sessions and make browsing easier the next time. A cybercriminal can get access to these browser cookies by impersonating any website or application the user is trying to access. Since cookies store information from your browsing session, attackers can gain access to your passwords, address, and other sensitive information.
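Two server-side settings bear directly on the HTTPS spoofing and cookie-stealing items above: the Strict-Transport-Security header, which tells the browser to refuse plain HTTP for the site, and the Secure cookie attribute, which keeps a cookie off unencrypted connections. The following is an added example, not part of the original article: it audits constructed response headers for both. The function names, sample headers and the 180-day threshold are assumptions.

```python
# Constructed sample responses as (header name, value) pairs; values are made up.
WEAK = [
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "__Host-sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

MIN_HSTS_AGE = 15552000  # 180 days in seconds; an assumed policy threshold


def split_directives(value):
    """Split 'a=b; Flag; k=v' into [(key, value), ...], preserving order."""
    pairs = []
    for part in value.split(";"):
        if part.strip():
            key, _, val = part.strip().partition("=")
            pairs.append((key.strip(), val.strip().strip('"')))
    return pairs


def audit_headers(headers):
    """Return findings for weak or missing HSTS and cookies lacking Secure."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("HSTS missing: browser can be redirected to plain HTTP")
    else:
        directives = {k.lower(): v for k, v in split_directives(hsts[0])}
        age = directives.get("max-age", "")
        if not age.isdigit() or int(age) < MIN_HSTS_AGE:
            findings.append(f"HSTS max-age too short: {age or 'absent'}")
    for key, value in headers:
        pairs = split_directives(value) if key.lower() == "set-cookie" else []
        if not pairs:
            continue
        name = pairs[0][0]                       # first pair is name=value
        flags = {attr.lower() for attr, _ in pairs[1:]}
        if "secure" not in flags:
            # Every cookie is flagged; triage by how sensitive the cookie is.
            findings.append(f"cookie {name}: no Secure attribute, sent over HTTP too")
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(sample))
```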

Preventive Measures  

Yearly reports and analyses have all verified that network spoofing has increased “dramatically” of late, yet very few users connect to a secure network while traveling or visiting other places, which has multiplied the number of attacks. With the number of tools readily available to cyber criminals for carrying out man-in-the-middle attacks, it is very important to protect the mobile devices that are so easily targeted. A few key points to remember are listed below:

  • Make sure that any site visited in a web browser has “HTTPS” at the beginning of the URL.
  • Configure your spam filtering so that any potential phishing email from an attacker, asking you to update your password or other login credentials, goes directly to the spam folder. Also, instead of clicking on the link provided in an email, manually type the website address into your browser.
  • It is always advisable to use a secure connection when connecting to the internet and to avoid public Wi-Fi.
  • Install an authenticated firewall setup to protect the device from malware attacks, which are primarily used to perform man-in-the-middle attacks.
  • Updating the system and Wi-Fi passwords at short intervals ensures the safety of devices.
  • Install the most recent OS or system updates to protect the system from any attacker ready to exploit a loophole available in the system.

In our rapidly evolving connected world, it’s important to understand the types of threats that could compromise the online security of your personal information. “These days, it’s not difficult to encrypt traffic,” says Kevin Du, a computer science professor at Syracuse University who specializes in smartphone security.

“If you don’t have a VPN, you’re leaving a lot of doors on your perimeters open.”