man-in-the-middle attack (MitM) definition

Contributor(s): Mike Cobb

A man-in-the-middle attack is one in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. It is a form of eavesdropping, but the entire conversation is controlled by the attacker, who can even modify the content of each message. Often abbreviated to MITM, MitM, or MITMA, and sometimes referred to as a session hijacking attack, it has a strong chance of success if the attacker can impersonate each party to the satisfaction of the other. MITM attacks pose a serious threat to online security because they give the attacker the ability to capture and manipulate sensitive information in real time while posing as a trusted party during transactions, conversations, and the transfer of data.

One common method of executing a MITM attack involves distributing malware that provides access to a user’s Web browser and the data it sends and receives. Malware can also be used to add entries to the local Hosts file – DNS cache poisoning – to redirect users to a site controlled by the attacker that looks exactly the same as the site the user is expecting to reach. The attacker then creates a connection to the real site and acts as a proxy, able to read, insert and modify the traffic between the user and the legitimate site before forwarding it on. Online banking and e-commerce sites are frequently the target of MITM attacks because attackers can capture login credentials and other sensitive data even if the site encrypts communications using SSL/TLS.
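A defender can audit a machine for the Hosts-file redirection described above. The following is an added example, not part of the original definition; the watched domains and the sample file contents are constructed placeholders.

```python
import ipaddress

# Constructed sample Hosts file contents (not taken from a real machine).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.45    www.examplebank.test examplebank.test   # unexpected override
0.0.0.0         ads.tracker.test
198.51.100.9    notexamplebank.test
198.51.100.7    login.shop.test.
"""

# Hypothetical domains that should only ever be resolved through DNS.
WATCHED = {"examplebank.test", "shop.test"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name, watched):
    """True if name is a watched domain or a subdomain of one (label-aligned)."""
    return any(name == d or name.endswith("." + d) for d in watched)


def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, ip, hostname) for every static override of a watched domain."""
    return [(n, str(ip), name) for n, ip, name in parse_hosts(text)
            if is_watched(name, watched)]


if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

Any hit deserves investigation, because a static entry for a banking or shopping domain overrides DNS for every application on the machine.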

An attacker can also exploit vulnerabilities in a wireless router’s security configuration, such as a weak password, to launch a MITM attack and intercept information being sent through the router. A malicious router can also be set up in a public place like a café or hotel for the same purpose. Other ways that attackers can carry out a man-in-the-middle attack include ARP spoofing, DNS spoofing, STP mangling, port stealing, DHCP spoofing, ICMP redirection, traffic tunneling, and route mangling.

Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certification authority. However, unless users take heed of warnings when a suspect certificate is presented, MITM attacks can still succeed with fake or forged certificates. For example, China is suspected of using self-signed certificates for SSL MITM attacks against Yahoo!, GitHub and Google to censor access to content on the Internet.

This was first published in June 2015
