Man-in-the-Middle (MITM) attacks have become a very popular method for hackers to gain access to sensitive information, steal credentials or infect endpoints, for instance for ransomware attacks. For retail banks or other financial service companies, Man-in-the-Middle attacks are a true nightmare as ever more people are using mobile devices to perform financial transactions. TrustBuilder Mobile Authenticator brings unique Multi-Factor Authentication (MFA) features that can prevent this type of attack.
A Man-in-the-Middle attack happens when a hacker intercepts communication between two parties who think they are communicating directly. This can happen, for example, when you log into a public Wi-Fi access point in a restaurant, a bar or any other public place. The access point you are using may be someone posing to be a Wi-Fi connection. At that moment, that access point becomes a Man-in-the-Middle.
Why are Man-in-the-Middle attacks dangerous?
By redirecting all your traffic through that malicious device, the Man-in-the-Middle can do a number of things:
- Steal credit card numbers;
- Capture and store all information that you send for later analysis;
- Learn your credentials for login to your bank account;
- Steal your personal information to use for identity theft;
- Manipulate the content of what you are sending – for instance by changing the recipient’s bank account number and the amount of a transfer you are making;
- Redirect you to malicious websites that are hosting malware, for instance to infect you with ransomware.
This type of attack does not only happen in communication between people and servers. Increasingly, MITM attacks happen in machine-to-machine (M2M) communication. The explosion in the number of Internet of Things (IoT) devices being deployed is a dream come true for hackers.
By the way, Man-in-the-Middle attacks are not always inspired by hackers for financial gain. State organizations have been found using the technique to spy on their citizens or on other state’s citizens. And in the Syrian civil war, MITM attacks have succeeded in breaking down a core part of the Syrian internet infrastructure, leaving part of the country without internet access.
How can you prevent Man-in-the-Middle attacks?
MITM attacks are an old technique. When Internet was still very expensive, companies used proxies to reduce costs. A website would be temporarily downloaded to the proxy server, and the user would access this 'local' version of the website. if a special request was done, the proxy would contact the server for the updated results. A MITM attack uses this same technique, where the hacker will store a local copy of the server on his proxy. If the victim then wants to wire an amount, the hacker can alter this information to the ‛real’ server, without the user ever realizing he's not accessing his banking app.
Security specialists have been looking for solutions to this for the last couple of decades. Encrypting data is an obvious form of defense, but not 100% effective: a hacker may still be able to redirect you to malicious sites to infect your endpoint and gain access to your corporate network later. Other mechanisms that are often recommended include using VPNs, firewalls, antivirus and antimalware software, using password managers, etc. And, of course, it does help to raise awareness of users not to click on suspicious links and to keep all software patched and updated. However, all of these defense techniques may found to be lacking to fend off all Man-in-the-Middle attacks.
Why TrustBuilder Mobile Authenticator is your best defense against Man-in-the-Middle attacks
The PSD2 regulation imposes Strong Customer Authentication (SCA) for financial transactions, and this has certainly given a boost to the use of Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA). But as we know, Oath Authenticators (using shared secrets) are not always safe, nor are One Time Passwords (OTP) sent over SMS.
TrustBuilder Mobile Authenticator is safer than these other methods, as we use Out-of-Band: when you want to perform a transaction, you ask the application you are using to send you a push notification. This push notification is sent over a different carrier than the connection to the app. This means a Man-in-the-Middle cannot intercept, change or use this push notification. TrustBuilder Mobile Authenticator combines this with asymmetric cryptography and device binding, making security airtight.
Beside protecting against Man-in-the-Middle attacks, TrustBuilder Mobile Authenticator brings a lot of extra advantages to both consumer and financial service companies or other companies interested in combining user experience with ultimate security. Check out our TrustBuilder Mobile Authenticator for more on Multi-Factor Authentication or contact us for more information.