A modern person needs constant access to the Internet. Just so that, for example, he always had the opportunity to check his work mail, contact colleagues, discuss important work issues. That is why many public places provide their users with free WiFi access. Airports, restaurants, cafes, various hotels and hostels - they all try to attract customers in such a simple way. But such networks, although they are quite convenient, do not always comply with network security standards. Hacker attacks known as “Man in the Middle” (MitM) are especially common in them.
Man in the Middle Attack
This attack occurs when an attacker manages to break into a communication between two parties. And use this situation for their own purposes. Most often - to redirect the user's request to a phishing site, which can be used to obtain private information. The main thing is to use a thorough copy so that the user does not even have suspicions that he has entered the wrong Internet resource.
The simplest situation. A certain Simon, while on vacation, used the public WiFi in a cafe to check his email. However, the hacker controlling this network intercepted Semyon's request and redirected it to a fake site that differs from the original only by minor changes in the address. Semyon did not pay attention to this and entered his login details. Of course, he failed to enter his mail, but the attacker received his username and password. Now from Semyon's mail, if he does not catch himself in time and does not change his password, you can send other phishing emails to his entire list of contacts.
This is the most common man-in-the-middle attack, but far from the only one. Also, the situation of WiFi listening is quite common.
Listening to WiFi
Hackers, as a rule, do not own public WiFi networks, so their ability to collect confidential information is severely limited. However, no one bothers them to create their own, fully controlled access point and name and give it a name identical to the existing network.
That is, if during the connection process you see several names of public networks that are very similar to each other, then one of them will most likely be a fake. Created solely to collect information from devices connecting to it. Thus, for example, it is possible to steal account data or credit card information.
This process is called "Listening to WiFi". To avoid this unpleasant situation, always check with the employees of the institution with free Internet about the correct name of their network. Ideally, use only those public networks that are password protected.
These are special programs used to intercept and analyze data. In general, it is quite a useful thing, especially for IT-specialists - it allows you to detect and fix problems with network access, as well as to track the dynamics of Internet views in private organizations. And clearly know who sits on social networks during working hours.
However, these programs can also be used by cybercriminals to collect information about users of public WiFi networks. This is usually a slow and unhurried collection of data that ordinary people are not even aware of. Exactly until the hacker decides to use this data for his own purposes.
Or TCP Hijacking. This is a process in which an attacker successfully masquerades as a normal user and on his behalf carries out supposedly normal activities on the site. So, for example, by intercepting an access session to Raiffeisen Online or any other banking service, a hacker can try to carry out banking transactions there that are not protected by two-factor authentication.
Most often, this is done by stealing cookies, and it works even without direct familiarization with the content of confidential information. And public WiFi is very vulnerable to this impact.
Cookies are small packets of data that web browsers collect from websites to make it easier and easier for users to access them. This makes it possible, for example, to do without constantly entering a username and password when entering or confirming when paying in various online stores. In addition, the "cookies" also store data about search queries.
All this is stored in the form of simple text files, so it is impossible to inject malware into the cookie in any way. However, they can simply be copied and used for your own purposes.
How to protect yourself from MitM?
- Disable the ability to automatically connect to unsecured public networks.
- Turn off file and folder sharing.
- Always log out after logging out.
- In general, do not use public networks. And if there is no choice, do not send data with their help and do not go to really important sites containing confidential information.
- Update your anti-virus software regularly.
- When connected to public WiFi, avoid any financial activity. And with cryptocurrency in particular.
- Ensure that sites use the secure HTTPS protocol. Unfortunately, some fraudulent sites have already learned how to forge this protocol, so, alas, this does not give a 100% security guarantee.
- Always use a VPN.
- Turn off your own WiFi and Bluetooth when you are not using them.
Modern hackers exploit not only software vulnerabilities but also human behavior errors. And whenever possible, they try to force people to make more mistakes. Public WiFi, unfortunately, provides them with many opportunities to do this. And only attentiveness and caution of users can save them from identity theft.
SecurityAuthor: EXBASE.IO | Oct 30, 2020
SecurityAuthor: EXBASE.IO | Oct 30, 2020
NewsAuthor: EXBASE.IO | Jan 16, 2021