What Are Man-in-the-Middle Attacks and How Can I Protect Myself From Them?

The man-in-the-middle attack uses a technique called ARP spoofing to trick User 1’s computer into thinking that it is communicating with User 2’s computer and User 2’s computer into thinking that it is communicating with User 1’s computer. This causes network traffic between the two computers to flow through the attacker’s system, which enables the attacker to inspect all the data that is sent between the victims, including user names, passwords, credit card numbers, and any other information of interest.Man-in-the-middle attacks can be particularly effective at cafes and libraries that offer their patrons Wi-Fi access to the Internet. In open networking environments such as these, you are directly exposed to computers over unencrypted networks, where your network traffic can be readily snatched.

How to Avoid Being Attacked

In practice, ARP spoofing is difficult to prevent with the conventional security tools that come with your PC or Mac. However, you can make it difficult for people to view your network traffic by using encrypted network connections provided by HTTPS or VPN (virtual private network) technology.

HTTPS uses the secure sockets layer (SSL) capability in your browser to mask your web-based network traffic from prying eyes. VPN client software works in a similar fashion – some VPNs also use SSL – but you must connect to a VPN access point like your company network, if it supports VPN. To decrypt HTTPS and VPN, a man-in-the-middle attacker would have to obtain the keys used to encrypt the network traffic which is difficult, but not impossible to do.

When communicating over HTTPS, your web browser uses certificates to verify the identity of the servers you are connecting to.  These certificates are verified by reputable third party authority companies like VeriSign.

If your browser does not recognize the authority of the certificate sent from a particular server, it will display a message indicating that the server’s certificate is not trusted, which means it may be coming from a man-in-the-middle-attacker. In this situation you should not proceed with the HTTPS session, unless you already know that the server can be trusted – like when you or the company you work for set up the server for employees only.

If you want to dive into the technical details and learn more about the tools used to carry out a man-in-middle attack, I recommend watching the YouTube video – Man In The Middle Attack – Ethical Hacking Example created by the InfoSec Institute.

In the meantime, use HTTPS and VPN in public networks and stay away from web servers you don’t trust.

I work for Trend Micro and the opinions expressed here are my own.

For more tips and advice regarding Internet, mobile security and more, just “Like” Trend Micro Fearless Web Facebook page!