
Man-in-the-middle (MITM) attacks: explained

Samuel Metzler | Data Breach, Security Threats

If you’ve ever watched this scene from Spongebob Squarepants, then you have a basic understanding of a man-in-the-middle (MITM) attack.

How does a man-in-the-middle attack work?

The attacker sets up rogue hardware that pretends to be a trusted network, typically a Wi-Fi network, in order to trick unsuspecting victims into connecting to it and sending over their credentials. MITM attacks can happen anywhere, because devices connect to the network with the strongest signal and will connect to any SSID name they remember.

MITM attacks take advantage of an unsecured or misconfigured Wi-Fi network. The most common method is spoofing an SSID. The attacker sets up near the target network, usually in a busy place with open Wi-Fi, like a coffee shop. A rogue access point is deployed and its SSID (Wi-Fi name) is “spoofed”, meaning the attacker gives it a name similar to the legitimate SSID.

What makes man-in-the-middle attacks so dangerous?

Devices connect to the strongest signal, so if someone isn’t paying attention, their device can connect to the fake SSID and their passwords will be stolen. MITM attacks can be discovered and stopped, but the attacker can still get away with the data already stolen.

Businesses that fall victim to MITM attacks can lose credibility with customers and have to spend time and resources fixing the problem. The IT department will now be in hot water for allowing this attack to occur. Many MITM attacks succeed because of an insecure network.

Credential-based networks are vulnerable to MITM attacks

Wi-Fi networks that rely on passwords can easily fall victim to MITM attacks because of how EAP authentication is set up. EAP (Extensible Authentication Protocol) transports authentication data between two parties, such as a device and a server. EAP-TLS, EAP-TTLS-PAP, and PEAP-MSCHAPv2 all use EAP for the purpose of securely authenticating devices to a Wi-Fi network.

TTLS-PAP and PEAP are both credential-based authentication protocols, relying on end users to maintain network security and configure their devices. Just one misconfigured device can open the door for attackers to deploy a MITM attack.

TTLS/PAP sends credentials in cleartext instead of encrypting them, meaning less work for the attacker. PEAP does not fare much better: since the discovery of a critical weakness in its encryption method, hackers can easily decrypt the captured data and run off with whatever information is inside.

Does your network use TTLS/PAP or PEAP-MSCHAPv2? Try Server Certificate Validation, a configuration setting that ensures devices only connect to the correct SSID, eliminating the MITM threat. However, ALL devices need to be configured for Server Certificate Validation in order for it to work, which is easy with the right onboarding software.
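As an added example (not part of the original post or any vendor's tooling), here is a small Python audit of wpa_supplicant-style network profiles that flags PEAP/TTLS blocks lacking server certificate validation, the misconfiguration described above, and distinguishes them from hardened PEAP and EAP-TLS blocks. The SSID, certificate paths and RADIUS host name are constructed values.

```python
import re

# Constructed sample wpa_supplicant.conf (not real): unvalidated PEAP, hardened PEAP, EAP-TLS.
SAMPLE_CONF = """
network={
    ssid="Corp-Wifi"
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="Corp-Wifi"
    eap=PEAP
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="Corp-Wifi"
    eap=TLS
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    client_cert="/etc/ssl/certs/alice.pem"
    private_key="/etc/ssl/private/alice.key"
}
"""

# Tunnelled methods that hand a reusable password to whichever server terminates the tunnel.
CREDENTIAL_METHODS = {"PEAP", "TTLS"}
NAME_PINS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")  # pin server name
def parse_networks(conf):
    """One dict per network={...} block, with quotes stripped from values."""
    return [dict(re.findall(r'^\s*(\w+)="?([^"\n]*)"?', body, re.M))
            for body in re.findall(r"network=\{(.*?)\}", conf, re.S)]

def audit(conf):
    """(ssid, eap, verdict) per block; 'weak' means any RADIUS server with any cert is accepted."""
    out = []
    for net in parse_networks(conf):
        eap = net.get("eap", "").upper()
        if "ca_cert" not in net:
            verdict = "weak: no ca_cert, server identity never checked"
        elif not any(p in net for p in NAME_PINS):
            verdict = "weak: ca_cert set but no server name match"
        elif eap in CREDENTIAL_METHODS:
            verdict = "ok: server validated, credential still a password"
        else:
            verdict = "ok: server validated, certificate-based (EAP-TLS)"
        out.append((net.get("ssid", "?"), eap, verdict))
    return out
```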

Certificates can stop man-in-the-middle attacks

The key is to encrypt the information going through the encrypted tunnel, using X.509 certificates. Certificates are digital documents used to prove the identity of devices, just like passwords, but with a higher level of encryption. A hacker deploying a MITM attack may be able to capture the certificate, but it would be completely useless to the attacker. This is where EAP-TLS prevails.

MITM attacks are useless against EAP-TLS authentication

While all three protocols employ the encrypted tunnel, EAP-TLS requires encryption of the information in the tunnel. Many major companies are switching over to certificate-based authentication because of EAP-TLS’s superior network security.

EAP-TLS requires users to enroll for a certificate, enforcing the use of organizational onboarding software that correctly configures all devices for network authentication. This automated enrollment process does away with manual configuration, removing the onus from the end user.

Encrypt your Wi-Fi network to prevent MITM attacks

A man-in-the-middle attack is so dangerous because it’s designed to work around the secure tunnel and make itself an endpoint. The best way to prevent MITM attacks is to encrypt the data through certificates and EAP-TLS authentication. Passwords are no longer a viable option, and certificates are the future of online security. Click here to see how inexpensive and easy it can be to deploy certificates for your Wi-Fi network.