Man-in-the-middle attack

In cryptography and computer security, a man-in-the-middle^[a] (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties.^[9]

One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.^[10] In this scenario, the attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within range of an Wi-Fi access point hosting a network without encryption could insert themselves as a man in the middle.^[11]^[12]^[13]

As it aims to circumvent mutual authentication, a MITM attack can succeed only when the attacker impersonates each endpoint sufficiently well to satisfy their expectations. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certificate authority.^[14]^[12]

^ Gabbi Fisher; Luke Valenta (March 18, 2019). "Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception".
^ Fassl, Matthias (April 23, 2018). Usable Authentication Ceremonies in Secure Instant Messaging (PDF) (Dipl.-Ing.). Technische Universität Wien.
^ "Fact Sheet: Machine-in-the-Middle Attacks". Internet Society. March 24, 2020.
^ Poddebniak, Damian; Ising, Fabian; Böck, Hanno; Schinzel, Sebastian (August 13, 2021). Why TLS Is Better Without STARTTLS: A Security Analysis of STARTTLS in the Email Context (PDF). 30th USENIX Security Symposium. p. 4366. ISBN 978-1-939133-24-3. When a Meddler-in-the-Middle (MitM) attacker removes the STARTTLS capability from the server response, they can easily downgrade the connection to plaintext.
^ "Manipulator-in-the-middle attack". OWASP Community Pages. OWASP Foundation. Retrieved August 1, 2022.
^ "MitM". MDN Web Docs. Mozilla. July 13, 2022. Retrieved August 1, 2022.
^ "Person-in-the-middle". October 11, 2020.
^ "From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud". Microsoft. July 12, 2022.
^ Elakrat, Mohamed Abdallah; Jung, Jae Cheon (June 1, 2018). "Development of field programmable gate array–based encryption module to mitigate man-in-the-middle attack for nuclear power plant data communication network". Nuclear Engineering and Technology. 50 (5): 780–787. doi:10.1016/j.net.2018.01.018.
^ Wang, Le; Wyglinski, Alexander M. (October 1, 2014). "Detection of man-in-the-middle attacks using physical layer wireless security techniques: Man-in-the-middle attacks using physical layer security". Wireless Communications and Mobile Computing. 16 (4): 408–426. doi:10.1002/wcm.2527.
^ Cite error: The named reference :0 was invoked but never defined (see the help page).
^ ^a ^b Callegati, Franco; Cerroni, Walter; Ramilli, Marco (2009). "Man-in-the-Middle Attack to the HTTPS Protocol". IEEE Security & Privacy Magazine. 7: 78–81. doi:10.1109/MSP.2009.12. S2CID 32996015.
^ Tanmay Patange (November 10, 2013). "How to defend yourself against MITM or Man-in-the-middle attack". Archived from the original on November 24, 2013. Retrieved November 25, 2014.
^ Cite error: The named reference :2 was invoked but never defined (see the help page).

Cite error: There are <ref group=lower-alpha> tags or {{efn}} templates on this page, but the references will not show without a {{reflist|group=lower-alpha}} template or {{notelist}} template (see the help page).

[cloudflare-1] Gabbi Fisher; Luke Valenta (March 18, 2019). "Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception".

[ifs-2] Fassl, Matthias (April 23, 2018). Usable Authentication Ceremonies in Secure Instant Messaging (PDF) (Dipl.-Ing.). Technische Universität Wien.

[3] "Fact Sheet: Machine-in-the-Middle Attacks". Internet Society. March 24, 2020.

[4] Poddebniak, Damian; Ising, Fabian; Böck, Hanno; Schinzel, Sebastian (August 13, 2021). Why TLS Is Better Without STARTTLS: A Security Analysis of STARTTLS in the Email Context (PDF). 30th USENIX Security Symposium. p. 4366. ISBN 978-1-939133-24-3. When a Meddler-in-the-Middle (MitM) attacker removes the STARTTLS capability from the server response, they can easily downgrade the connection to plaintext.

[5] "Manipulator-in-the-middle attack". OWASP Community Pages. OWASP Foundation. Retrieved August 1, 2022.

[6] "MitM". MDN Web Docs. Mozilla. July 13, 2022. Retrieved August 1, 2022.

[7] "Person-in-the-middle". October 11, 2020.

[8] "From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud". Microsoft. July 12, 2022.

[10] Elakrat, Mohamed Abdallah; Jung, Jae Cheon (June 1, 2018). "Development of field programmable gate array–based encryption module to mitigate man-in-the-middle attack for nuclear power plant data communication network". Nuclear Engineering and Technology. 50 (5): 780–787. doi:10.1016/j.net.2018.01.018.

[11] Wang, Le; Wyglinski, Alexander M. (October 1, 2014). "Detection of man-in-the-middle attacks using physical layer wireless security techniques: Man-in-the-middle attacks using physical layer security". Wireless Communications and Mobile Computing. 16 (4): 408–426. doi:10.1002/wcm.2527.

[:0-12] Cite error: The named reference :0 was invoked but never defined (see the help page).

[:1-13] Callegati, Franco; Cerroni, Walter; Ramilli, Marco (2009). "Man-in-the-Middle Attack to the HTTPS Protocol". IEEE Security & Privacy Magazine. 7: 78–81. doi:10.1109/MSP.2009.12. S2CID 32996015.

[14] Tanmay Patange (November 10, 2013). "How to defend yourself against MITM or Man-in-the-middle attack". Archived from the original on November 24, 2013. Retrieved November 25, 2014.

[:2-15] Cite error: The named reference :2 was invoked but never defined (see the help page).

[a]

[9]

[10]

[11]

[12]

[13]

[14]