Skip to main content

Man In The Middle Attack - EavesDropping in the Digital World

 
 

This is a term used to describe a cyber attack where a hacker acts as middleman, during data transfer between user and an application. The app can be a financial or an E commerce website, Software as a Service (SaaS) etc. The hacker can intercept data passed via the browser to the website, and collect sensitive information such as account and credit card details, user login etc.

To put it into context, it is like a postman who reads all the letters addressed to you, then reseals the same, on delivery. This way no one suspects a foul play.

 

Interception

This is the first phase of the attack. Here the hacker establishes a connection with the target device whether a PC, Laptop or Smart phone. This is done through various methods like

  •  Free WiFi : Here a WiFi hot spot is set up  which is not password protected. When a user logs in to the network, they are in essence connecting to the hacker's system. Now any data transfer occurs via this compromised system, resulting in loss of sensitive information.
  • ARP Spoofing : Stands for Address Resolution Protocol, it resolves IP address into MAC address in an Local Area Network (LAN). This system gets compromised. Now all traffic of the LAN network gets re routed to the hacker's computer.

DNS : stands for Domain Name Server. It converts the name of a specific website into its corresponding IP address. Here the server gets hijacked and all the legitimate IP addresses gets changed. Now the user is automatically directed to a malicious website. 

 

Decryption

Once the connection is set, the hacker sends a phony digital thumbprint to the browser. This is to make it believe a secure connection has been established. Also protected HTTPS website are downgraded to HTTP, known as SSL Stripping.  This way all information that passes from the user can be intercepted and compromised.

 

Prevention

  • Avoid using free WiFi specially in public places like cafe or restaurants.
  • Always check browser address whether it is HTTP or HTTPS.
  • Log out of all financial or Ecommerce website immediately after use 

 

Comments

Popular posts from this blog

X86 vs ARM - The PC War

X86 Vs ARM A Hype?  Recently laptops powered by ARM processors have taken industry by storm. Touted as being highly power efficient, providing 18 hours backup, on as single charge. That too while running multiple program instances. Would this spell an end to the x86 architecture, where Intel and AMD rule. Or will the tables turn around? What's the Difference? Let's start with an x86 based CPU. They feature a single processing unit which can be integrated to other external peripherals like Memory, GPU etc. Here each peripheral has a separate controller, knitted together by address and data BUS. When we look at ARM all the above components (Memory, GPU) are integrated within the main chip. Known commonly as SOC (System on a Chip) . This helps in reduced footprint. But they do come with a drawback. Cannot expand by adding extra peripherals. Coming to complexity, x86 provides a simpler set up, at least for a developer. Here most of the core tasks such as Memory Read/Write, Arithmet...

The Brain within an Embedded System-Difference between Microprocessors and Microcontrollers

To understand the working of an Integrated Circuit, we need to first understand what an Embedded System is.  It is basically a conjunction of Hardware and Software parts. Embedded System is a stripped-down version of a mainstream computer, specializing in a single task. They are connected either as a standalone device, or as part of a larger electrical or mechanical system. Mainly in consumer electronics like fridges or microwaves, they have low power rating and, is economical to build. Embedded system performs complex mathematical calculations at any specific time. This is done thru a Central Processing Unit (CPU) , mostly a Microcontroller or at times, a Microprocessor. A Sensor is used to collect data from the external environment Eg: Temperature, atmospheric pressure etc. This is then fed into an Analog to Digital (ADC) converter. The digital signal thus obtained is stored in memory and, decoded by the CPU.  The output of the operation is then fed to a Digital to Analog...

Virtual Private Network (VPN) - Browsing Anonymous

  Privacy is a major concern when browsing the internet. Your data could be eavesdropped by hackers, companies targeting ads or even rogue state actors. What gets revealed would be personal browsing history, location monitoring, IP addresses to name a few. Enter the tech... Virtual Private Network or simply known as VPN is a technology used to prevent unauthorized access of your private data. Even if a hacker penetrates the network and get hold of data packets, all that is revealed is gibberish.  This is because all the information that passes through your device is encrypted and can be only revealed through a personal key.  Internet Service Provider Before going further, a knowledge of Internet Service Provider (ISP) is needed. They are the backbone of the World Wide Web. ISP provides each device with a unique IP (Internet Protocol) address, bandwidth allocation and network security. When a website is searched, first it goes from your device to the Router or Modem which...