When you connect to the internet via your smartphone, how sure are you that you’re talking to the right thing?
Crooks and snoops eager to harvest your sensitive information often use a tried-and-tested attack method to get it. Traditionally called the man in the middle attack, it’s also known in these more language-conscious times as the Manipulator-in-the-Middle attack.
MitM attacks often employ “evil twin” Wi-Fi networks – compromised ones that use the same name as legitimate ones, like “Starbucks WiFi”, tricking users and their devices into thinking they’ve been set up by the coffee shop or that they’ve seen them before.
Whatever you call this attack MitM should be on your list of online threats.
MitMs are difficult to spot because they don’t happen on your phone. Instead, the attacker inserts themselves between you and the system your phone tries to contact.
Your phone and the legitimate system think they’re talking directly to each other, but the attacker is in the middle, reading and relaying your communications. They can access sensitive information including passwords and session information supposed to protect web applications. They can also tamper with messages, sending you to fake sites or drop malware on your device.
Beware the dangers of public WiFi
One of the biggest MitM risks for smartphone users is on public WiFi networks, where an attacker inserts a fake access point between your device and the real one.
Some MitM attacks compromise a legitimate router directly, enabling an attacker to control your connections with everything online. Netgear recently patched an issue that allowed hackers to gain control of its routers. Multiple other router vulnerabilities have enabled criminals to own hundreds of thousands of routers en masse. MitM attacks that alter DNS traffic and take you to fake sites are just one possible payload when you own your victim’s gateway.
Not just WiFi – 5G at risk of MitM
Researchers have also identified the potential for MitM attacks on 5G networks. At Black Hat 2019, security professionals revealed that it was possible to communicate with devices using a fake base station, gathering critical information about it including its type, operating system, version, and IMSI number (which is unique to the device, and therefore its owner).
No phone? No problem for MitM
Some MitM attacks don’t even require the smartphone’s owner to be present. Instead, they record messages sent by the phone and replay them later on. This happened when Apple launched a new mode that allowed people to buy transport tickets without unlocking their phones. Researchers at the University of Birmingham worked out how to replay the payment message, tampering with it so that they could send it to any wireless payment reader and pay for anything, with any amount, at any time.
What can you do to protect yourself from MitM attacks?
If you’re a company looking for safe communications with your employees, then using a trusted VPN from users’ mobile devices to your own VPN will help to stop snoopers infiltrating your session. Another layer of defence is to install the Trustd mobile app, which will check your local WiFi connection for MitM activity and alert you. Our business-focused Trustd solution will also alert your company’s IT admin so that they can ensure you’re secure.
With home working now a permanent reality, protecting yourself against MitM attacks isn’t just optional; it’s a must-have. It’s time to close this long-standing attack vector once and for all.
If you’re a consumer you can download the app for free to protect yourself against MitM attacks. (Watch Trustd catching MitM in a coffee shop).
And if you’re a business, why not take a 14-day free trial of Trustd MTD so you know your employees and business data is safe. It’s quick and easy to enrol up to 5 devices straight away and no credit card is required for the free trial.
MitM by the Numbers
11% – percentage of companies reporting MitM attacks in 2019 (Fortinet State of Operational Security Report 2020)
#1 – ranking of MitM attacks among top cyber threats in Europe (Trend Micro and Ponemon CRI 2021)
22% – proportion of websites using HTTP Strict Transport Security (HSTS) – a protective measure against MitM attacks (W3Techs)
0% – number of health-related mobile apps surveyed by Knight Ink that protected their users against MitM attacks (Report – Playing with FHIR – Hacking and Securing FHIR APIs)
8% – Companies that take technical measures to protect employees from risky WiFi connections. (Verizon Mobile Security Index 2021)