Integrity, by intercepting the communication and modifying messages.Īvailability, by intercepting and destroying messages or modifying messages to cause one of the parties to end communication.Ī typical scenario for this kind of attack involves: two endpoints (the victims), a third-party (the attacker) and a communication channel. MitM attacks have been described for practically any kind of communication technology: LTE (Long-Term Evolution), Bluetooth, NFC (Near Field Communication), IoT, WiFi, HTTPS protocol, operating system processes, etc.Ĭonfidentiality, by eavesdropping on the communication. The term MitM identifies a large category of attacks whose main characteristic is the ability of the attacker to place him/herself, in many different ways, in a point of the path between the victim and the accessed service. One of the best known and most used attacks in the cyberspace is the Man-in-the-Middle (MitM) attack. Among its features, the absence of the need to install malware of any kind on the victim’s machine and the total control it allows the attacker are to be emphasized. It will be seen how BitM expands the range of the possible attacker’s actions, at the same time making them easier to implement. It could be started by phishing techniques and in some cases coupled to the well-known Man-in-the-Browser (MitB) attack. The present paper aims at modelling and describing a new method of attack, named Browser-in-the-Middle (BitM) which, despite the similarities with MitM in the way it controls the data flow between a client and the service it accesses, bypasses some of MitM’s typical shortcomings. However, most of its many variants involve difficulties that make it not always possible. Main goal of MitM is to compromise confidentiality, integrity and availability of data flowing between source and destination. Man-in-the-Middle (MitM), one of the best known attacks in the world of computer security, is among the greatest concerns for professionals in the field.
0 Comments
Leave a Reply. |