A man-in-the-middle (MITM) attack is a type of cyberattack in which an attacker secretly interferes with, relays or alters the communication between a client (browser) and a server (website). In a MITM attack, the client assumes that it has established an encrypted connection with the server, but in fact both the server and the client are connected to the hacker, who can read and modify the data being transmitted. During a MITM attack, the hacker breaks into the Wi-Fi connection or the Internet provider’s network and intercepts the data being sent. Once the data has been stolen by the hacker, it can be easily read (since it isn’t encrypted) and sorted to access sensitive information.
All information travels from the user’s device to the Wi-Fi connection or the internet provider’s network and then reaches the server through the HTTP protocol. Since this protocol is not secured, data sent through it is not encrypted and is easily accessible.
Detection of MITM Attacks
Generally, MITM attacks can be detected or prevented in the following ways:
- Authentication – Authentication assures the user that the message has come from a legitimate source. A mutual authentication method can be adopted to exchange information over a secured channel in which both the server and the client can validate each other’s communication. One example is the use of asymmetric (public key) cryptography.
- Tamper Detection – To detect a MITM attack, differences in response time can be checked. If one party takes an abnormally long time to reach the other party, there may be interference from a third party or the hacker.
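The response-time check described under Tamper Detection can be automated as follows. This is an added example, not code from the original page: it compares observed round-trip times against a known-good baseline and reports only a sustained increase, so a single slow reply is treated as jitter. The function names, thresholds and sample values are assumptions made for illustration.

```python
from statistics import median


def robust_baseline(samples):
    """Return (median, MAD) of baseline round-trip times in milliseconds."""
    if len(samples) < 5:
        raise ValueError("need at least 5 baseline samples")
    med = median(samples)
    # Median absolute deviation: a spread estimate that outliers barely move.
    mad = median(abs(s - med) for s in samples)
    return med, mad


def flag_latency_shift(baseline, observed, threshold=6.0, sustain=3, floor_ms=1.0):
    """Return the index in `observed` where a sustained latency increase
    begins, or None if there is none.

    A sample is suspicious when it exceeds the baseline median by more than
    `threshold` scaled MADs. Only `sustain` consecutive suspicious samples
    are reported; an isolated spike resets the counter.
    """
    med, mad = robust_baseline(baseline)
    # 1.4826 scales MAD to a standard-deviation equivalent for normal data.
    # floor_ms stops a perfectly flat baseline from flagging tiny noise.
    scale = max(1.4826 * mad, floor_ms)
    run = 0
    for i, rtt in enumerate(observed):
        if (rtt - med) / scale > threshold:
            run += 1
            if run == sustain:
                return i - sustain + 1
        else:
            run = 0
    return None


# Constructed sample data in milliseconds, not measurements from a real network.
BASELINE = [21.0, 22.5, 20.8, 21.7, 23.1, 21.2, 22.0, 21.5]
JITTER_ONLY = [21.9, 58.0, 22.3, 21.1, 22.8, 21.6]   # one isolated spike
RELAYED = [21.4, 22.2, 47.5, 49.1, 46.8, 48.3]       # persistent extra delay

if __name__ == "__main__":
    print("jitter only :", flag_latency_shift(BASELINE, JITTER_ONLY))
    print("relayed path:", flag_latency_shift(BASELINE, RELAYED))
```

A reported shift is an indicator to investigate rather than proof of interception, since route changes and congestion also raise response times.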