Man-In-The-Middle name is self-explanatory! Oh, wait\u2026<\/p>Tweet<\/a><\/blockquote>\n The following example is purely theoretical. Alice calls Bob, Bob responds, and\u00a0B.G.\u00a0Mallory is able to tap the wire in between and hear them both. Or, rather receive and relay their messages to each other. Alice requests an authorization key, Bob sends it. It is Mallory who has it then, and he goes on sending Alice his own key. Alice still thinks it is Bob\u2019s.<\/p>\n Alice then encrypts her messages with the rogue key, and sends encrypted data to \u2013 Bob? Wrong, it goes to Mallory; he may decrypt the information from Alice, read it, modify it, then encrypt it with Bob\u2019s key (that he still has) and relay it to Bob. Bob receives rogue data, believing it is from Alice. Alice also has no idea that her information has never reached Bob.<\/p>\n Alice sends: \u201cCan you meet me tonight? Got a couple ideas to discuss\u201d (Yes, of course, nobody\u2019s going to launch a secure channel to chat about something like this, but, again, it\u2019s just an example of how it is done).<\/p>\n Mallory intercepts this message and sends to Bob the following: \u201cCan you lend me a couple hundred bucks? Got in a mess, need to sort things out, but no free cash right now. Please?\u201d<\/p>\n Bob responds: \u201cUhm\u2026 Okay. What about meeting at 9pm at Harry\u2019s Bar? I\u2019ll bring the cash.\u201d<\/p>\n Mallory intercepts, modifies message cutting out last sentence and relays it to Alice, while continuing his own exchange with Bob:<\/p>\n \u201cThat would be great, but it\u2019s a bit urgent for me. Can you transfer them to my credit card account right now?\u201d (Mallory\u2019s account credentials follow).<\/p>\n Bob: \u201cWell, alright, stand by\u2026 Here we go. Have you received money?\u201d<\/p>\n Mallory: \u201cAh, yes, thank you, thank you, thank you! See ya tonight!\u201d<\/p>\n Meanwhile, Alice sends: \u201cHarry\u2019s Bar? Nice one, will be there by 9. See ya!\u201d, but Bob never receives it. Mallory, in turn relays to Alice Bob\u2019s \u201cSee you there\u201d before they hang up.<\/p>\n In time Bob questions whether Alice is going to return money he\u2019s given \u201cher\u201d, which is met with a well-reasoned surprise and confusion, and potentially leads to a bad conflict. And Mallory gets away with a shiny new $200, no tax deductions.<\/p>\n Well, instead of \u201cBob\u201d there most likely would be some bank, while Alice (a human being) was just checking her account, neglecting precautions.<\/p>\n And \u201cMallory\u201d, in practice, would be, most likely, a \u201crogue\u201d router. An attacker can set up his own device with wireless capabilities to act as though it is a \u201clegitimate\u201d hotspot, then perch himself at some crowded place \u2013 a cafe with free WiFi available or railroad terminal, or airport. The more people, the better. Some of them most likely will be careless enough to hook up to any free WiFi available and then connect to their bank or a commerce site. Bingo one.\u00a0<\/p> Using online banking via public WiFi is like fusing tritium with deuterium.<\/p>Tweet<\/a><\/blockquote>\n The other way it can be done: Exploit a weakness in the configuration or encryption implementation of a legitimate WiFi router. While it\u2019s harder to do technically, actually there is a lot of information about the bugs in popular routers on the Web, and once an attacker takes over one of them, he\u2019s got himself a sort of persistent presence within the attacked network, being able to eavesdrop at any communications passing via the device. Bingo two. Until someone decides to update the router\u2019s firmware. And that\u2019s not happening too often.<\/p>\n Add here a newer type of attack nicknamed \u201cMan-In-The-Browser\u201d. Oh, wait, what a name! That\u2019s some \u201cJohnny Mnemonic\u201d stuff: a 160-170 lbs adult human being packed into a piece of software?<\/p>\n \u00a0<\/p>\n
![\"640\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2017\/05\/06020243\/640.jpg\")
<\/a><\/p>\n