Businesses have known for a long time that there always are weak links in security, especially mobile security. The worse part is not that businesses get affected by these security issues, but the fact that public awareness is terribly low on how vulnerable this can be. The man in the middle attack has been one of the most exploited ways hackers have tried and managed to steal information and money.
So what is a Man in the Middle attack?
A man in the middle attack is a kind of cyber attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. In simple words, a third person tries to break between a connection between two people without them realizing this and is thus able to sniff and retrieve communication between them.
In fact, public WiFi networks have been the best playground for hackers to perform a man in the middle attack. In recent times, there has been a steep increase in the frequency as well as the severity of such kind of attacks. In simple words, by listening in and intercepting a mobile device’s traffic, hackers can get access to the data flowing to and from the mobile device and hence can gather sensitive information.
As mentioned before, the worse part of this is that public awareness about this is very low and hence when such things happen, the final effect is on enterprises and it can be terrible. If you are wondering how your business gets affected by this then listen to this. If employees are careless about their information or data in public wifi network on their personal devices, you can be sure it’s the same happening on their work devices. This becomes scarier if their personal and work device is the same!
Mobile Man in the Middle Attack
Man in the middle attack is not something new. They have been around for a few years now but have been mostly restricted to computers and laptops. With mobile growing at a fast pace, there has been a shift in emphasis to hacking mobile devices. This is particularly worrying as this gives access to a lot of information like personal identity, location, messages. In fact, hackers can also eavesdrop on conversations.
Mobile apps need to communicate with remote servers in order to function, and most use HTTPS to do so securely. Problems arise however when apps fail to use standard authentication methods properly. Some, for example, don’t reliably check the certificate that proves a server is what it says it is. Others fail to properly verify their server’s hostname.
To be secure, mobile apps have to validate the hostname, ensure the certificate matches the server’s hostname, and ensure the certificate is trusted by a valid root authority.
Who is at risk with a man in the middle attack?
Simply put, everyone in the mobile enterprise is a potential target, but the most vulnerable are those in senior or executive positions in business and government. It is obvious that hackers look out for people who are important or have access to sensitive information. Although, nowadays, since most businesses have started allowing employees to use their personal devices at work, this threat now impacts everyone almost equally. More often than not, it is easier to get access to a network through a device that you would think has the least probability of getting hacked.
The problem is very real and serious. More than 75% of the apps on the Google Play store do no meet basic security checks. Before you start thinking that you are safe on iOS, let me tell you that iOS is equally prone to such attacks.
What can you do to be safe?
Basic methods like antivirus, wrapping solutions, etc. are not sufficient in today’s date. As a business, it is important to spend time in training your employees on how they can keep company data safe by simple things like not connecting to public networks using their company devices. There should also be training and workshops for developers to understand how to build more secure apps and also detect security issues in mobile apps easily.
The most important thing is that security is a changing landscape and to keep up you have to be proactive, always.