WHAT IS A MAN-IN-THE-MIDDLE ATTACK?

A common digital hacking technique is the so called ‘man-in-middle attack’ (MITM). Here’s how it happens:

1.  The attacker electronically (and secretly) breaks an existing connection the victim has with another endpoint on the internet – such as with a bank , a co-worker, or an email server.

2.  The attacker then creates a new connection which routes all traffic through their device, such as a laptop.

3.  Using this new connection they are ‘in the middle’, and can now eavesdrop and download anything being sent between the victim and the servers they connect with.

Because of their nature these attacks are very hard to detect. A successful MITM attack is invisible to the victim, and everything appears normal. But think about what might be at risk – email passwords, private messages, photographs, and more. This is the very attack the NSA used to capture corporate secrets from a reputable technology company in the Netherlands called Gemalto.

With no authentication technology in place on your device, a successful MITM attack is shockingly easy to achieve. See how it’s done here.

Man-in-the-Middle

WHO'S ON THE OTHER SIDE, OR IN THE MIDDLE OF YOUR COMMUNICATIONS?

Without authentication technology, you simply don’t know. Encryption gets a lot of attention when it comes to privacy in the digital world, but an often overlooked, and arguably more important aspect of privacy is authentication. Authentication is the act of validating who you are communicating with, and ensuring no one can be between you stealing your data.

Authentication will play an increasingly important role as we connect with more and more devices, people, and organizations on the internet.

Am I connecting to a dangerous public WiFi? Am I about to send funds electronically to the wrong merchant at the market? Is there a digital eavesdropper between me and the person I’m having a text chat with?

While encryption may reduce the consequences of these events should they happen, proper authentication prevents them happening in the first place.

who are you connected with-2

AUTHENTICATION WHITE PAPERS

To learn more about authentication technology, check out some of the technical papers below published by OxCEPT’s security experts.

Bootstrapping Mobile Security Networks

Authentication protocols based on low-bandwidth unspoofable channels - Nguyen/Roscoe

Authenticating ad hoc networks - Nguyen/Roscoe