Hack In The Box: Mobile Attackers Are Listening In

While most mobile attacks require some level of interaction with the user, Man-in-The-Middle (MiTM) attacks can achieve their goal without the user ever knowing they occurred. This type of attack allows attackers to eavesdrop on, intercept and alter traffic between your device and any other counterpart.

There are several ways in which hackers can execute such attacks, the most prominent of which is a spoofed hotspot. Many attackers establish fake hotspots with names similar to legitimate hotspot names, for example, “Starbucks Coffee” instead of “Starbucks.” Unaware, the user connects to the malicious hotspot. Once the user tries to reach a server, the hacker uses his control over the hotspot to attack the user.

Having access to the Internet is critical for on-the-go professionals, so the convenience of open Wi-Fi hotspots often outweighs the risk that these connections may not be safe. For hackers, spoofing or taking control of a hotspot is easy, and it does not raise any alert for users.

The alert and warning signs that users know from PCs and laptops are far more subtle, and far more easily overlooked, on mobile devices. Small screens can hide web addresses, making it harder to validate the address the browser is pointing to. Moreover, some MiTM attacks can be conducted without triggering even these subtle signs.

Once an attacker gains control over a device on a hotspot, spoofed or legitimate, he can initiate several malicious activities, including intercepting or altering the communication, and even installing malware on the device. All of this is possible even if the communication is encrypted. The hacker can either use fake certificates or downgrade the communication link so that he can access the actual information passing through.

Some users disregard the threat MiTM attacks pose, stating they are not likely to actually happen. However, we fend off MiTM attacks on a regular basis, as we did earlier this year when hackers tried to attack a senior executive at a large financial company.

So, how is it possible to protect users against MiTM attacks? The answer is behavioral analysis that can detect rogue hotspots and malicious network behavior and conditions, and automatically disable suspicious networks to keep devices and your data safe. You can defend your device even further by using a solution capable of validating the integrity of secure connections to detect compromises.

Two additional proactive features implemented by advanced threat prevention solutions are honeypots and VPNs. A cloud-based honeypot is a system set up to attract and identify attackers who try to penetrate your network. A VPN (Virtual Private Network) can be dynamically triggered on the device to protect the privacy and integrity of communications and minimize the impact of an attack.

A comprehensive solution capable of protecting you against MiTM attacks should include the following features:

  • Use behavioral analysis to detect rogue hotspots and malicious network behavior.
  • Automatically disable suspicious networks to keep devices and your data safe.
  • Validate the integrity of secure connections to detect compromises.
  • Use a cloud-based honeypot to attract and identify attackers.
  • Use on-device remediation to dynamically trigger a secure VPN that protects the privacy and integrity of your communications.
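As an added illustration (not code from the original post or from any vendor's product), the following Python sketch shows how a device-side check could apply two of the ideas above to a Wi-Fi scan: flag an open network whose name imitates a trusted SSID (the “Starbucks Coffee” case), and flag a trusted SSID that suddenly appears without the encryption it normally uses. The trusted profiles and the scan results are constructed sample data.

```python
import difflib
from dataclasses import dataclass

# Trusted Wi-Fi profiles the device has joined before (constructed sample data).
TRUSTED = {
    "Starbucks": "WPA2",
    "Corp-Guest": "WPA2-Enterprise",
}

@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str
    security: str  # e.g. "OPEN", "WPA2", "WPA2-Enterprise"

def _normalize(ssid):
    # Case, spaces and punctuation are cheap for an attacker to vary.
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def lookalike_of(ssid, trusted=TRUSTED, threshold=0.75):
    """Return the trusted SSID this name imitates, or None."""
    norm = _normalize(ssid)
    best, best_score = None, 0.0
    for known in trusted:
        kn = _normalize(known)
        if norm == kn:
            continue  # an exact match is handled by the downgrade check
        score = difflib.SequenceMatcher(None, norm, kn).ratio()
        if kn in norm or norm in kn:
            score = max(score, 0.9)  # one name embeds the other ("Starbucks Coffee")
        if score >= threshold and score > best_score:
            best, best_score = known, score
    return best

def assess_scan(scan, trusted=TRUSTED):
    """Return (ssid, bssid, reason) for networks the device should not auto-join."""
    findings = []
    for net in scan:
        expected = trusted.get(net.ssid)
        if expected is not None and net.security != expected:
            findings.append((net.ssid, net.bssid,
                             f"security downgraded from {expected} to {net.security}"))
            continue
        imitated = lookalike_of(net.ssid, trusted)
        # Only open lookalikes are flagged, to limit false positives on legitimate
        # neighbouring networks that happen to share part of a name.
        if imitated is not None and net.security == "OPEN":
            findings.append((net.ssid, net.bssid,
                             f"open network imitating trusted SSID {imitated!r}"))
    return findings

# Constructed scan: one legitimate Starbucks AP, two rogue ones, two unrelated.
SAMPLE_SCAN = [
    Network("Starbucks", "aa:bb:cc:00:00:01", "WPA2"),
    Network("Starbucks Coffee", "de:ad:be:ef:00:01", "OPEN"),
    Network("Starbucks", "de:ad:be:ef:00:02", "OPEN"),
    Network("Corp-Guest", "aa:bb:cc:00:00:02", "WPA2-Enterprise"),
    Network("Neighbor5G", "aa:bb:cc:00:00:03", "WPA2"),
]
```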

To learn more about the major threats facing mobile devices in the enterprise, read our CISO’s Guide to Mobile Security.