WiFi Man in the Middle Attacks
We would all like to think that the wifi networks we use are secure and that the promise of secure mobile connectivity is fully realized. The truth is that mobility, security, and convenience each come in degrees, and on many networks the degree of security is nil. For secure computing in a mobile or portable environment it is essential to observe certain effective precautions, because there are entities seeking to capture and use your sensitive data.
DEFINING THE "MAN IN THE MIDDLE" SCENARIO
A Man In The Middle attack, often abbreviated as MITM, is accomplished by inserting a third party into a two-party communication without either original participant knowing it. The man in the middle can then read the data passing through him and secretly alter it for his own purposes, while each party still believes it is talking directly to the other.
Imagine Alice and Bob, a century ago, communicating via paper notes. The evil character Dennison is a master of counterfeit with access to their letters while en route. Dennison reads their letters and passes them on unaltered. Then one day Bob offers to buy Alice's valuable collection of antique office furniture. Alice agrees, and requests payment info with a delivery address. Bob sends his banking and delivery information, but Dennison alters it all. Dennison gives Alice the address of his stolen goods dealer, and he transfers all of Bob's money into an offshore account. Dennison sends Bob an authentic looking note from Alice indicating that all is well and to expect delivery in four more days. Not to happen! Alice and Bob have been duped by an impostor middleman who will have vanished before any suspicion arises.
Or, imagine a secret business transaction between A and B, carried out via a courier trusted by both sides who actually is an agent for a third company, C. The transaction stalls because the courier alters the terms seen by A or B, and makes them unreasonable. The company C comes along and clinches the deal thanks to middleman sabotage. A and B have no idea that their offers were rewritten en route.
Note: There are non-free countries where internet users must install a state-controlled root certificate in their web browsers before they can browse SSL encrypted pages! Yes, anyone on the path can read unencrypted http traffic, but whoever controls a root certificate that your browser trusts can issue a valid-looking certificate for any site, sit in the middle of the connection, and read your https traffic as well, with no browser warning. If you are in such a place, the authorities can see what you visit on the web. Beware, and it does not matter that you may have nothing to hide: It is not your responsibility to give up information that is no one else's business. The power of search and seizure must always be used for just cause and never arbitrarily.
"MAN IN THE MIDDLE" WiFi VERSION
In wireless networking, the MITM scheme is implemented in a number of ways. One is to operate a rogue access point (an "evil twin") resembling a legitimate wireless hotspot: it broadcasts the same SSID, and often the real access point is jammed or blocked while the rogue is in the clear with a stronger signal, so clients pick the impostor. Another method is to break a client's existing connection and lure the client's hardware into reconnecting to the middleman. This is usually done with forged deauthentication frames: the attacker writes the real access point's MAC address (its BSSID) into the sender field, and a client that does not use protected management frames (802.11w) accepts the disconnect unauthenticated, then reconnects to whichever AP with that SSID answers loudest.
Be aware that these attacks are not limited to wireless networks; there have been cases of proxy servers (and even Tor exit nodes) intercepting SSL / HTTPS connections and presenting their own certificates. It means that banking, secure email, and other sensitive connections have been compromised by man in the middle schemes. The intent again is to access and use or alter confidential data passed on a network.
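Both wireless techniques above leave traces a defender can look for: an evil twin shows up as an extra BSSID advertising your SSID, and the disconnect-and-lure step shows up as a burst of deauthentication frames apparently sent by your own AP. The following script is an added example, not code from the original page: it runs the two checks over constructed survey and frame-log data (the SSIDs, BSSIDs, channels, signal levels and timestamps are made up for illustration, and the authorized-BSSID inventory is an assumption about what the site keeps).

```python
from collections import defaultdict

# Constructed sample survey for this example: SSIDs, BSSIDs, channels and
# signal levels are made up and do not describe any real network.
SCAN_RESULTS = [
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:01", "channel": 6,  "security": "WPA2-CCMP", "rssi": -48},
    {"ssid": "CorpWiFi", "bssid": "00:11:22:33:44:02", "channel": 11, "security": "WPA2-CCMP", "rssi": -61},
    # Evil twin: same SSID, BSSID not in inventory, loudest signal, no encryption.
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:01", "channel": 6,  "security": "OPEN",      "rssi": -30},
    # Second impostor that copied the encryption type too.
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:02", "channel": 1,  "security": "WPA2-CCMP", "rssi": -55},
    {"ssid": "GuestNet", "bssid": "00:11:22:33:44:10", "channel": 1,  "security": "OPEN",      "rssi": -70},
]

# Assumed site inventory: the access points allowed to broadcast "CorpWiFi".
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Constructed 802.11 management-frame log: (timestamp_s, subtype, source, destination).
# Subtype 0x0C is deauthentication, 0x08 is beacon. The burst below is forged: the
# attacker writes the real AP's BSSID into the source field so clients accept it.
DEAUTH, BEACON = 0x0C, 0x08
FRAME_LOG = [
    (99.9, BEACON, "00:11:22:33:44:01", "ff:ff:ff:ff:ff:ff"),
] + [
    (round(100.0 + i * 0.02, 2), DEAUTH, "00:11:22:33:44:01", "ff:ff:ff:ff:ff:ff")
    for i in range(20)
] + [
    # Two genuine, widely spaced deauths from another AP (clients roaming away).
    (150.0, DEAUTH, "00:11:22:33:44:02", "aa:bb:cc:dd:ee:01"),
    (190.0, DEAUTH, "00:11:22:33:44:02", "aa:bb:cc:dd:ee:02"),
]


def find_rogue_aps(scan, ssid, authorized):
    """Return scan entries that advertise `ssid` from a BSSID missing from `authorized`,
    each annotated with why it looks like an evil twin."""
    known_rssi = [ap["rssi"] for ap in scan if ap["bssid"] in authorized]
    loudest_known = max(known_rssi) if known_rssi else None
    rogues = []
    for ap in scan:
        if ap["ssid"] != ssid or ap["bssid"] in authorized:
            continue
        reasons = ["BSSID not in authorized inventory"]
        if ap["security"] == "OPEN":
            reasons.append("advertises no encryption")
        if loudest_known is not None and ap["rssi"] > loudest_known:
            reasons.append("stronger signal than any authorized AP")
        rogues.append({**ap, "reasons": reasons})
    return rogues


def detect_deauth_flood(frames, threshold=10, window=1.0):
    """Return {source: peak_count} for sources that send at least `threshold`
    deauthentication frames inside any `window`-second sliding interval.

    Keyed on rate rather than on address, because the source address of a forged
    deauth is, by design, the legitimate AP's own BSSID."""
    times_by_src = defaultdict(list)
    for ts, subtype, src, _dst in frames:
        if subtype == DEAUTH:
            times_by_src[src].append(ts)
    flagged = {}
    for src, times in times_by_src.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for ap in find_rogue_aps(SCAN_RESULTS, "CorpWiFi", AUTHORIZED_BSSIDS):
        print(f"ROGUE {ap['bssid']} ch{ap['channel']} {ap['security']}: {'; '.join(ap['reasons'])}")
    for src, n in detect_deauth_flood(FRAME_LOG).items():
        print(f"DEAUTH FLOOD from {src}: {n} frames within 1 s (sender address likely spoofed)")
```

On real hardware the survey list would come from a scan (for example `iw dev wlan0 scan`) and the frame log from a monitor-mode capture; the inventory comparison is the practical form of "survey the APs with your SSID". Note that a deauth burst from your own BSSID cannot be distinguished from a genuine one by address alone, which is exactly why 802.11w protected management frames matter.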
COUNTERMEASURES AGAINST "MAN IN THE MIDDLE" ATTACKS
What protections are there against man in the middle attacks on your network? Consider these steps:
- Survey the APs advertising your SSID and compare their BSSIDs (MAC addresses) against your inventory. Take down any that are not authorized to be on the air.
- Use strong encryption on your network. Forget about WEP; WEP is dead, and original WPA with TKIP is also deprecated. Use WPA2 with AES (CCMP), or WPA3 where your hardware supports it, and enable protected management frames (802.11w) so forged deauthentication frames are rejected.
- Use SSL (TLS). It defeats a man in the middle only when the client actually verifies the server's certificate, so never click past a certificate warning; with that discipline it prevents most such attacks.
- Double-check SSL certificates before using https pages. IE and Firefox validate the certificate chain for you and warn on a mismatch; for sensitive sites, also compare the issuer or fingerprint shown with what you expect.
- Encrypt any documents you don't want to be intercepted or altered.
- Using a VPN service is quite effective against man in the middle attacks on the local wireless link, since everything is encrypted through to the VPN server. The VPN provider then sits in the middle of your traffic itself and must be trusted accordingly.
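The SSL and certificate-checking advice above, and the state-controlled root certificate note earlier, all come down to one thing: the client must verify what it is shown, and for the most sensitive connections it should verify more than the chain. The following is an added example, not code from the original page, using Python's standard `ssl` module: the weak client configuration (verification off) beside the corrected one, plus a certificate-pinning check that catches the case of a valid-looking certificate issued by a root your browser trusts but which should never have issued for that site. `EXAMPLE_DER` is a constructed byte string standing in for a real DER certificate; `connect_and_check` needs a network and is shown for completeness rather than run here.

```python
import hashlib
import socket
import ssl

# Constructed stand-in for a certificate body (what getpeercert(binary_form=True)
# returns on a real connection). A real certificate would be DER bytes here.
EXAMPLE_DER = b"-- constructed stand-in for a DER-encoded server certificate --"


def insecure_client_context():
    """The weak setting: certificate verification switched off entirely.
    A forged certificate from a man in the middle is accepted without a warning."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_client_context(cafile=None):
    """The corrected setting: chain validated against trusted roots, hostname
    checked against the certificate, and pre-TLS-1.2 versions refused."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER certificate, the value a browser's certificate
    viewer labels 'SHA-256 fingerprint'."""
    return hashlib.sha256(der_bytes).hexdigest()


def pin_ok(der_bytes, pinned_fingerprints):
    """Certificate pinning: accept only a certificate whose fingerprint was recorded
    in advance (for example on a trusted network). Chain validation alone accepts
    any certificate from any trusted root, including a hostile root installed in
    the browser; the pin does not."""
    return fingerprint(der_bytes) in pinned_fingerprints


def connect_and_check(host, pinned_fingerprints, port=443, timeout=5.0):
    """Open a verified TLS connection and additionally enforce the pin.
    Returns the fingerprint seen, or raises ValueError if it does not match.
    (Requires network access; not exercised offline.)"""
    ctx = secure_client_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    if not pin_ok(der, pinned_fingerprints):
        raise ValueError(f"certificate for {host} does not match pinned fingerprint")
    return fingerprint(der)


if __name__ == "__main__":
    weak, strong = insecure_client_context(), secure_client_context()
    print("weak context verifies peer:", weak.verify_mode != ssl.CERT_NONE)
    print("strong context verifies peer:", strong.verify_mode == ssl.CERT_REQUIRED)
    print("pin check on constructed cert:", pin_ok(EXAMPLE_DER, {fingerprint(EXAMPLE_DER)}))
```

The point of the pair of contexts is that the insecure form is what a lot of "quick fix" code does to silence certificate errors, and it is precisely what a man in the middle relies on. Pinning is the extra step for a few high-value sites; it is only as good as the fingerprint you recorded, so record it over a connection you trust and expect to update it when the site's certificate is renewed.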
In conclusion remember that no communications security system is 100% secure. Successful ones require so much effort to break that the information is worthless by the time it is extracted and used. Your best policy is to limit the flow of sensitive information over the network, keep what you can off it entirely, and use the strongest possible protection for the rest. For more reading about rogue access points and man in the middle attacks, see Rogue Access Points and the University of British Columbia Wifi Network.