Speaker Key: PB: Phil Brown, DW: David Whelan
PB: Hi, it’s Phil Brown and I’m here with David Whelan. Today we are going to talk about Man in the Middle attacks.
DW: Man in the middle attacks are really tricky because you often have
no idea that they are happening. The idea is that you take on some role
- you try to get to a web site or send an email, or something of
that nature, and you do it the same way you would normally do it but
then the man in the middle intercepts whatever you send or whatever
click you send - your username or password that you typed in.
They then extract it from the flow and it continues on to where it was
going in the first place so you are not aware that anything has
happened to your transmission. The email arrives where it is supposed
to, you arrive at the right website that you are supposed to, but
during the whole process, someone is intercepting everything that you
are sending and receiving, and is pulling it out of this stream.
PB: So nothing is really happening on your computer that you would be able to notice.
DW: Right, and it’s funny because man in the middle actually sounds
pretty invasive - and it is - but some of the better known mobile
platforms, for example, Nokia and Amazon Fire’s Silk browser, are
essentially doing a man in the middle attack on every web page you
visit; not to extract anything but in order to optimize, speed up and
cache all of the information that you are sending backwards and
forwards. So this is happening on some devices by default in order
for the browser to be fast and optimized for the mobile web.
PB: And particularly vulnerable if you are using a Wi-Fi connection.
DW: Yes. Any time you are away from your home or office network on what
are called “trusted connections” where there is good security, and
maybe have it attached so it only allows your phone or your laptop to
connect to it, you are at risk of some really interesting attacks,
all of which have really cool names.
PB: Let’s talk about side jacking.
DW: Side jacking is neat. Side jacking is also known as session jacking
and it allows someone to monitor all of the things that you are doing
in a session with your web browser. A web browser session typically
has you arrive at a web site, the web site will then download a piece
of software onto your computer called a cookie, and the cookie will
often hold information about your preferences for that web site and
perhaps your username. That cookie is then intercepted and side
jacked by the person who is listening, the man in the middle.
PB: Right. So there are good cookies and bad cookies.
DW: That’s right. You should always eat the healthy cookies, not the chocolate chip ones.
PB: Now pretty much every web site you go to has some sort of a cookie interface with you and your browsing.
DW: Right. It is incredible how many cookies are being saved onto your
device when you visit a site. There is an awful lot of information
that can be grabbed there. The other thing that is often happening
with a man in the middle attack is sniffing. I have to throw this in
because there is an interesting open source tool called “Snort”.
Someone may use Snort to sniff packets that are going past from your
device. A packet is a little piece of information. When the internet
was developed, rather than sending huge chunks of information slowly
over the web, everything you send (i.e. email, voicemail, web page,
username and password) is broken up into little chunks called
packets. As they are sent across the web, those packets are sniffed
like a dog sniffing a scent, and as it goes by, they sniff and inhale
it, and pull it out of the stream. They can grab all of the packets
that you are sending. So if they are watching you closely on a
public Wi-Fi for example, they can grab all of the packets that
belong to a particular document or email and potentially put them all
PB: Right. And potentially steal all of your clients’ confidential information.
DW: Right. Yes, it really is tricky. Public Wi-Fi, hotels, court
houses, and any place that you can log in but don’t control the network,
you should be concerned about people getting in the middle because
they may not be securing their network as well as you do at the
PB: So the last cool label we will talk about is the evil twin.
DW: Yes, the evil twin. You have been playing around with one called the
Wi-Fi pineapple. It is really interesting because when you connect
to a public Wi-Fi that is using an evil twin, the evil twin is made
to look just like the public Wi-Fi. So if you think you are sitting
down at Starbucks and connecting to a Bell Canada hotspot but you
have to log in and click the little button that says “I agree to the
terms”, you have no idea that it is an evil twin.
PB: Right. You are still using their network but you are going through the man in the middle.
DW: Right. And the man in the middle in this case could be a little box
that is attached to the wall, it could be someone who is actually
sitting in the coffee shop or the courthouse with you and is
monitoring the communications, or it can also be entirely automated.
So someone may have set it up days or months in advance and then
just downloads things that are captured. They are then able to search
for the word password or the word username and other information
that can be grabbed.
PB: One of the main reasons man in the middle attacks are used is to retrieve all of your passwords and logins from various sessions.
DW: Right. And you do not even need to log in if your laptop or your
phone is connected to a box account and automatically syncs every
couple of minutes or it is checking to make sure that there is
nothing to synchronize. It may be sending information backwards and
forwards that is susceptible to being grabbed. It is not even a matter
of you doing anything proactively that puts your information at risk -
it could be happening in the background from things you have set up
in the past.
PB: So the best way to avoid the side jacking, sniffing, evil twin?
DW: You have two choices. One is to use a VPN, a virtual private
network, and that is usually an app that you can put on your tablet or
on your laptop. You have to connect to the public Wi-Fi (that
first step where you click the “I agree to the terms” button or
whatever it is, which may or may not be an evil twin at that point) but
then you start up your VPN app. The VPN creates an enclosed,
encrypted pipe between you and the other end of the virtual private
network so even if you are going across an evil twin, the encryption
that surrounds your connection is sort of like the hard shell of an
M&M candy and blocks out the ability of the man in the middle to see
what is going on inside the VPN.
PB: And the second way?
DW: A remote desktop also known as RDP. You may be familiar with the
app “Log Me In”, “Ignition”, or “Go To My PC”. And there are other
free downloads you can get for phones and tablets that will do the
same thing. Essentially, you are opening up a desktop on the remote
computer you are getting to, and that connection itself is encrypted.
You are essentially working on that remote computer so you are not
really sending information across the connection at all. Even if you
were to do that, or cut and paste something, it is still going across
an encrypted connection.
PB: Right. I’m going to toss out a few more. There is a personal hotspot which you can purchase from one of the internet providers, such as Rogers or Bell. It is a secure setup that you can use over 3G or 4G.
That is an alternative to using your phone, isn’t it? It is
almost like a little network device, the only reason of which is to
transmit backward and forward - to secure data. And then the other
method which you have just mentioned or alluded to is tethering your
phone to your computer so you are using the 3G or 4G capabilities of
your phone, and that is not going to be vulnerable to a man in the
DW: Right. And if you are sending confidential information related to your law firm, tethering or a portable… what did you call it?
PB: The hotspot.
DW: A portable hotspot is probably the best way because then you are
certain that you are not going over Wi-Fi; you are sending it across
your data plan. You need to have a good data plan if you plan to be
sending a lot of information. It really is one of the best ways.
Tethering seems to be very common now on both Android and iPhones.
It is very simple to set up for people. The only thing is to be
mindful of the data plans. It does not hurt to boost your data plan
and spend the extra $20-30 to get a lot more security.
And if you have not secured your home Wi-Fi yet, make sure you do
because your home Wi-Fi can be just as susceptible to man in the
middle as Wi-Fi out in the wild.
PB: And that is our look at man in the middle attacks. Thanks David.