Technology Practice Tips: Man in the Middle (Transcript)

This is a transcript of a podcast discussing Man in the Middle attacks, what they are, and how to protect your devices from them.

Speaker Key: PB: Phil Brown, DW: David Whelan

PB:  Hi, it’s Phil Brown and I’m here with David Whelan. Today we are going to talk about Man in the Middle attacks.

DW:  Man in the middle attacks are really tricky because you often have no idea that they are happening.  The idea is that you take on some role - you try to get to a web site or send an email, or something of that nature, and you do it the same way you would normally do it but then the man in the middle intercepts whatever you send or whatever click you send - your username or password that you typed in.  They then extract it from the flow and it continues on to where it was going in the first place so you are not aware that anything has happened to your transmission. The email arrives where it is supposed to, you arrive at the right website that you are supposed to, but during the whole process, someone is intercepting everything that you are sending and receiving, and is pulling it out of this stream.

PB:  So nothing is really happening on your computer that you would be able to notice.

DW:  Right, and it’s funny because man in the middle actually sounds pretty invasive - and it is - but some of the better known mobile platforms, for example, Nokia and Amazon Fire’s Silk browser, are essentially doing a man in the middle attack on every web page you visit; not to extract anything but in order to optimize, speed up and cache all of the information that you are sending backwards and forwards. So this is happening on some devices by default in order for the browser to be fast and optimized for the mobile web.

PB:  And particularly vulnerable if you are using a Wi-Fi connection.

DW:  Yes. Any time you are away from your home or office network on what are called “trusted connections” where there is good security, and maybe have it attached so it only allows your phone or your laptop to connect to it, you are at risk of some really interesting attacks, all of which have really cool names.

PB:  Let’s talk about side jacking.

DW:  Side jacking is neat. Side jacking is also known as session jacking and it allows someone to monitor all of the things that you are doing in a session with your web browser.  A web browser session typically has you arrive at a web site, the web site will then download a piece of software onto your computer called a cookie, and the cookie will often hold information about your preferences for that web site and perhaps your username. That cookie is then intercepted and side jacked by the person who is listening, the man in the middle.

PB:  Right. So there are good cookies and bad cookies.

DW:  That’s right. You should always eat the healthy cookies, not the chocolate chip ones.

PB:  Now pretty much every web site you go to has some sort of a cookie interface with you and your browsing.

DW:  Right. It is incredible how many cookies are being saved onto your device when you visit a site. There is an awful lot of information that can be grabbed there.  The other thing that is often happening with a man in the middle attack is sniffing.  I have to throw this in because there is an interesting open source tool called “Snort”.  Someone may use Snort to sniff packets that are going past from your device.  A packet is a little piece of information. When the internet was developed, rather than sending huge chunks of information slowly over the web, everything you send (i.e. email, voicemail, web page, username and password) is broken up into little chunks called packets.  As they are sent across the web, those packets are sniffed like a dog sniffing a scent, and as it goes by, they sniff and inhale it, and pull it out of the stream. They can grab all of the packets that you are sending.  So if they are watching you closely on a public Wi-Fi for example, they can grab all of the packets that belong to a particular document or email and potentially put them all back together.

PB:  Right. And potentially steal all of your clients’ confidential information.

DW:  Right. Yes, it really is tricky.  Public Wi-Fi, hotels, court houses, and any place that you can log in but don’t control the network, you should be concerned about people getting in the middle because they may not be securing their network as well as you do at the office.

PB:  So the last cool label we will talk about is the evil twin.

DW:  Yes, the evil twin. You have been playing around with one called the Wi-Fi Pineapple.  It is really interesting because when you connect to a public Wi-Fi that is using an evil twin, the evil twin is made to look just like the public Wi-Fi.  So if you think you are sitting down at Starbucks and connecting to a Bell Canada hotspot but you have to log in and click the little button that says “I agree to the terms”, you have no idea that it is an evil twin.

PB:  Right. You are still using their network but you are going through the man in the middle.

DW:  Right. And the man in the middle in this case could be a little box that is attached to the wall, it could be someone who is actually sitting in the coffee shop or the courthouse with you and is monitoring the communications, or it can also be entirely automated.  So someone may have set it up days or months in advance and then just downloads things that are captured. They are then able to search for the word password or the word username and other information that can be grabbed.

PB:  One of the main reasons man in the middle attacks are used is to retrieve all of your passwords and logins from various sessions.

DW:  Right. And you do not even need to log in if your laptop or your phone is connected to a box account and automatically syncs every couple of minutes or it is checking to make sure that there is nothing to synchronize. It may be sending information backwards and forwards that is susceptible to being grabbed. It is not even a matter of you doing anything proactively that puts your information at risk - it could be happening in the background from things you have set up in the past.

PB:  So the best way to avoid the side jacking, sniffing, evil twin?

DW:  You have two choices.  One is to use a VPN, a virtual private network, and that is usually an app that you can put on your tablet or on your laptop.  You have to connect to the public Wi-Fi (that first step where you click the “I agree to the terms” button or whatever it is, which may or may not be an evil twin at that point) but then you start up your VPN app.  The VPN creates an enclosed, encrypted pipe between you and the other end of the virtual private network so even if you are going across an evil twin, the encryption that surrounds your connection is sort of like the hard shell of an M&M candy and blocks out the ability of the man in the middle to see what is going on inside the VPN.

PB:  And the second way?

DW:  A remote desktop also known as RDP.  You may be familiar with the app “Log Me In”, “Ignition”, or “Go To My PC”. And there are other free downloads you can get for phones and tablets that will do the same thing.  Essentially, you are opening up a desktop on the remote computer you are getting to, and that connection itself is encrypted. You are essentially working on that remote computer so you are not really sending information across the connection at all.  Even if you were to do that, or cut and paste something, it is still going across an encrypted connection.

PB:  Right. I’m going to toss out a few more. There is a personal hotspot which you can purchase from one of the internet providers, such as Rogers or Bell.  It is a secure setup that you can use over 3G or 4G.

DW:  That is an alternative to using your phone, isn’t it?  It is almost like a little network device, the only reason of which is to transmit backward and forward - to secure data. And then the other method which you have just mentioned or alluded to is tethering your phone to your computer so you are using the 3G or 4G capabilities of your phone, and that is not going to be vulnerable to a man in the middle attack.

DW:  Right. And if you are sending confidential information related to your law firm, tethering or a portable… what did you call it?

PB:  The hotspot.

DW:  A portable hotspot is probably the best way because then you are certain that you are not going over Wi-Fi; you are sending it across your data plan.  You need to have a good data plan if you plan to be sending a lot of information. It really is one of the best ways.  Tethering seems to be very common now on both Android and iPhones.

PB:  It is very simple to set up for people.  The only thing is to be mindful of the data plans.  It does not hurt to boost your data plan and spend the extra $20-30 to get a lot more security.

DW:  And if you have not secured your home Wi-Fi yet, make sure you do because your home Wi-Fi can be just as susceptible to man in the middle as Wi-Fi out in the wild.

PB:  And that is our look at man in the middle attacks.  Thanks David.