What is a MITM attack?
Man-in-the-middle (MitM) attacks are one of the oldest forms of cyber attack. The attacker sits between two communicating parties and either observes or manipulates their traffic.
Here’s how hackers can perform a MitM attack:
- Gain access to an unsecured or poorly secured Wi-Fi router (the most traditional way), generally a free Wi-Fi hotspot.
- “Pretend” to be a router, or create another hotspot with a name similar to the victim’s hotspot.
- Change DNS settings (DNS spoofing) so that you are connected to the wrong website, at the attacker’s IP address.
- Phishing can also be considered a form of MitM attack, though that is arguable.
How to protect against a man-in-the-middle attack?
- Authentication: Proves that the message has come from a legitimate source.
- Tamper detection: Shows that a message may have been altered.
For internet users:
- Always use HTTPS. Over plain HTTP, the attacker has direct access to all sensitive information.
- Try not to use public Wi-Fi. If you do, you can use a VPN, as it encrypts your internet connection on public hotspots and protects your sensitive data.
- Don’t use the default username and password for your router.
- Don’t click on any super exciting but suspicious links.
How do SSL certificates help you defend against these attacks?
To encrypt data, asymmetric cryptography, also known as public key cryptography, is used. It uses a key pair, a public key (shared with everyone) and a private key (kept secret), to encrypt and decrypt data. Asymmetric cryptography is widely used by protocols such as SSH, OpenPGP, S/MIME, and SSL/TLS for encryption and digital signature functions.
SSL comprises two elements: the SSL protocol and the SSL certificate. The SSL protocol provides the protection behind HTTPS, which is responsible for securing web and electronic communications. The private key associated with the corresponding certificate is used to establish a valid connection. The SSL certificate, backed by the infrastructure of the Certificate Authority (CA), authenticates the identity and reliability of the owner.
Thus, if the server has an SSL certificate installed, MITM attacks can be prevented. The hacker can still intercept the data, but cannot decrypt it because he does not own the private key.
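The protection described above holds only when the client actually verifies the server's certificate chain and hostname. The following added example (not part of the original article) uses Python's standard ssl module to contrast a verifying client context with an unverified one and to list the settings that would let an interceptor's certificate pass; the function names are hypothetical.

```python
# Added example; function names are illustrative, not from the article.
import socket
import ssl


def verified_context() -> ssl.SSLContext:
    """Client context that authenticates the server via the system CA store."""
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    return ssl.create_default_context()


def unverified_context() -> ssl.SSLContext:
    """Weak setting, for comparison only: encrypts but authenticates nobody."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def mitm_exposures(ctx: ssl.SSLContext) -> list[str]:
    """List the settings that would let an interceptor's certificate pass."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any self-signed certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a valid certificate for another name is accepted")
    return findings


def connect_verified(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Handshake with verification on; raises ssl.SSLCertVerificationError on failure."""
    ctx = verified_context()
    problems = mitm_exposures(ctx)
    if problems:
        raise RuntimeError("refusing to connect: " + "; ".join(problems))
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname drives both SNI and the hostname match.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(), "subject": tls.getpeercert()["subject"]}


if __name__ == "__main__":
    for name, ctx in (("verified", verified_context()), ("unverified", unverified_context())):
        print(name, mitm_exposures(ctx) or "no exposure found")
```

Running `mitm_exposures` over the contexts an application builds is a quick audit for code paths where encryption is on but the server is never authenticated.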