2017-08-31

Wireless Local Area Network Man in the Middle Attacks

Definition

Open wireless local area network (Wi-Fi or WLAN) connections in cafés, hotels, malls, airports, airplanes and other public places provide easy and free access to the Internet with greater bandwidth. Unfortunately, an open and unsecured wireless local area network allows anyone to receive a victim's traffic and launch a Man in the Middle (MitM) attack. Even if the victim secures the communications for essential services, unsecured communications may reveal the victim's passwords if they are reused across several services.

Brief scenarios

A hacker creates an “evil twin” Wi-Fi access point on the same premises where open Wi-Fi is expected. Once a victim launches unsecured sessions, the hacker can capture all traffic. Another way is to listen to the public Wi-Fi traffic over unsecured access and sniff “session cookies” to acquire passwords. If the victim also allows file sharing over the Wi-Fi, a hacker plants software on the targeted device to execute malicious deeds.
Even if the Wi-Fi access is secured, a hacker can obtain the traffic if the password given to the public is simple, seldom changed or easily cracked.
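
A defender-side check for the “evil twin” scenario above, as an added example that is not part of the original post: it groups Wi-Fi scan results by network name and flags access points that are missing from an allowlist or that advertise an open copy of a secured network. The scan records, the `KNOWN_APS` allowlist and the function name `find_suspect_aps` are constructed for illustration.

```python
from collections import defaultdict

# Constructed scan results (not real captures): one record per access point seen.
SCAN = [
    {"ssid": "CafeGuest", "bssid": "02:00:00:aa:00:01", "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:aa:00:02", "security": "WPA2"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:FF:13:37", "security": "OPEN"},
    {"ssid": "HotelLobby", "bssid": "02:00:00:bb:00:01", "security": "OPEN"},
    {"ssid": "HotelLobby", "bssid": "02:00:00:cc:00:09", "security": "OPEN"},
    {"ssid": "Airport_Free", "bssid": "02:00:00:dd:00:01", "security": "OPEN"},
]

# Assumed allowlist a venue operator would maintain: SSID -> legitimate BSSIDs.
KNOWN_APS = {
    "CafeGuest": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    "HotelLobby": {"02:00:00:bb:00:01"},
}


def find_suspect_aps(scan, known_aps):
    """Return (ssid, bssid, reasons) for access points that look like evil twins."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = []
    for ssid, aps in by_ssid.items():
        # True when at least one AP with this name requires authentication.
        has_secured = any(ap["security"] != "OPEN" for ap in aps)
        allowed = known_aps.get(ssid)  # None: no allowlist for this SSID
        for ap in aps:
            bssid = ap["bssid"].lower()
            reasons = []
            if allowed is not None and bssid not in allowed:
                reasons.append("bssid-not-in-allowlist")
            if has_secured and ap["security"] == "OPEN":
                reasons.append("open-twin-of-secured-ssid")
            if reasons:
                findings.append((ssid, bssid, reasons))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN, KNOWN_APS):
        print(f"{ssid:12} {bssid}  {', '.join(reasons)}")
```

A twin that clones a legitimate BSSID and security setting passes both checks, so this is a first-pass filter rather than proof that a network is genuine.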

Protection

The following measures help prevent a probable Man in the Middle attack:

  • Use a Virtual Private Network (VPN), but be aware that researchers studied 283 free VPN apps on Google Play and found that 50% of them store clients’ traffic for their own use, 38% of them injected malware or malvertising, and about 18% of them did not encrypt the traffic. So, use only professionally provided VPN services (Ikram et al., 2016).
  • Use Secure Sockets Layer (SSL), i.e., sessions using HTTPS.
  • Turn off sharing by choosing the ‘Public’ network option in the operating system.
  • Keep Wi-Fi off when not using it.


References

1. https://usa.kaspersky.com/resource-center/preemptive-safety/public-wifi-risks
2. http://www.huffingtonpost.com/michael-gregg/six-ways-you-could-become_b_8545674.html
3. http://www.npr.org/sections/alltechconsidered/2017/08/17/543716811/turning-to-vpns-for-online-privacy-you-might-be-putting-your-data-at-risk
4. http://www.icir.org/vern/papers/vpn-apps-imc16.pdf
