Ask Floh: What is a MiTM (man-in-the-middle) attack?: Peerio
November 15, 2018

Ask Floh: What is a MiTM (man-in-the-middle) attack?


On today’s episode of Ask Floh, Floh dives into some technical territory and explains what man-in-the-middle (MiTM) attacks are and how you can protect yourself.

Key takeaways:

  • Generally, a MiTM attack means an intruder has intercepted a conversation between two parties.
  • There are many ways a MiTM attack could happen in the network.
  • Use HTTPS; it’s the #1 thing you can do defend against MiTM website attacks.
  • If you need stronger guarantees that you’re talking to the correct person, use end-to-end encryption (E2EE).
  • E2EE provides mechanisms, like public key authentication, to make sure that you’re talking to the right person.
  • E2EE apps also notify you if there’s a change in public key or identity–a sign of a potential MiTM attack.

Transcript:

Hello. Welcome back. This is Ask Floh, your favourite security Q&A show.

And I’m here with a question from just around the corner, Marie in Montreal would like to know:

“What exactly is a man-in-middle attack, and how can I prevent it from happening to me?”

Alright, so there are many different kinds of levels of man-in-middle attacks. But the idea is, generally you’re over here, and you’re talking to someone over here. And someone inserts themselves in the middle, intercepts your conversation and pretends to be the other party. So this can happen technically, in a number of different ways.

One of the ways is, for example, if you’re talking to a website, so there’s you, and there’s the website that’s the other end and you’re, you know, I don’t know, submitting some form data, you’re reading something, and some intruder gets somehow between you and that website.

That can be for example, in your company router, your home router, the Wi-Fi router at the cafe that you’re at, or it can be, you know, a number of different ways. But the idea is that it’s somewhere in the network between you and wherever that website is hosted. And so what that can mean is that if you’re filling out, you know, like, I don’t know, some insurance forms or something like that online, those can end up going to the attacker that has done a man-in-middle attack.

The number one thing that you can do to prevent against this is use HTTPS. And that’s not necessarily up to you. It’s up to the website. So this is why you should care about the little lock that shows up in the browser, which guarantees (to a point) that you’re talking to the correct website, and the data between you and the website is encrypted.

One thing that’s really important to know about encryption is that encryption doesn’t just guarantee the confidentiality of data. But it also as part of the system that sort of provides authentication and proof of the identity of a website and a company. And so this is something that’s built into your browser and built into your computer. But there’s a very complicated mechanism for ensuring the authenticity of websites through HTTPS.

Now, we can take this level further. So this doesn’t necessarily have to be a website, this could be some kind of application. And there’s also many ways that the website or application could be compromised along with their HTTPS connection.

Whenever you’re not just talking to a website, where you’re talking to another person, maybe you want stronger guarantees that you’re talking to the correct person. And so in that case, maybe you want to go for end-to-end encryption. And a good end-to-end encryption application is going to provide these sorts of mechanisms and proofs that you’re talking to the correct person in some form.

For example, there might be something like public key authentication that you can do to make sure that you’re talking to the right person. And then under the hood, there should be something that makes sure that when you’ve established a communication with someone, with a user on service, if something goes wrong, and suddenly the encryption keys, or the identity of that person changes, you’re notified.

So for example, in Peerio, we have something called a Peerio ID number. And whenever that changes, you’ll see warnings all over the application. And in an application like WhatsApp, you might see this person’s security code has changed or something like that. So these are the kinds of mechanisms that are there to let you know that there might be a man-in-middle attack or something of the sort.

Basically, just to wrap it up to summarize, I know that that went into some deep technical territory. But basically, what you want is encryption, and you want to use an encryption provider that is reputable and trusted, and you want to maybe read a little bit about what that encryption provider is giving you, and what the mechanisms against man-in-middle attack look like in the application itself, in the user interface. And then when you’re just talking to a website, you want to make sure that there’s that little lock 🔒 that says this is a HTTPS secure connection.

I hope that was helpful. I know it was a bit of a handful and good luck with that and take care. Bye bye.

Related stories

4 Reasons to Move Your Data to a True Secure Cloud
Ask Floh: How to get started with cybersecurity in the workplace



You know what’s better than secure team communication? Nothing. Peerio gives you a super secure way to chat with your team, store and share files, all in one place. Every message and file stored and sent with Peerio is encrypted end-to-end by default. Learn more.