Overview
This type of man-in-the-Middle (MitM) attack intercepts or manipulates data transmissions on unencrypted or poorly secured public Wi-Fi networks. MitM attacks occur when an attacker positions themselves between a user and the internet, intercepting or altering data sent over unsecured or misconfigured connections. Public Wi-Fi networks are particularly vulnerable, as they often lack robust security measures, allowing attackers to eavesdrop on communications or inject malicious code.
Examples of some ways to execute a MitM attack include:
- Rogue access points that mimic legitimate Wi-Fi networks.
- SSL stripping to downgrade HTTPS to HTTP. [SSL stripping mentioned in glossary entry on MitM attack]
- DNS spoofing to redirect users to malicious sites.
Risk factors
Man-in-the-Middle (MitM) attacks via malicious public Wi-Fi can arise from:
- Using unencrypted or poorly secured Wi-Fi networks.
- Lack of VPN usage for sensitive transactions.
- Apps that fail to enforce HTTPS connections.
- Lack of awareness of the security risks of open or untrusted Wi-Fi networks.
- Outdated device software or firmware, which may have unpatched vulnerabilities.
- Use of legacy Wi-Fi protocols (e.g., WEP or WPA2 with weak passwords).
- Connecting to rogue access points with familiar names (e.g., "CoffeeShop_FreeWiFi").
Consequences
If an attacker successfully exploits MitM attacks via malicious public Wi-Fi, the following could happen:
- Data Interception: Attackers can steal login credentials or sensitive information.
- Malware Injection: Malicious code can be delivered through intercepted traffic.
- Session Hijacking: Attackers can take over active user sessions.
Solutions and best practices
To mitigate the risks associated with MitM attacks via malicious public Wi-Fi, organizations should implement the following security measures:
- VPN Use: Encourage users to use virtual private networks for secure communication.
- VPN Selection: Appreciate that some VPN services are better than others in terms of the encryption strength they employ to secure communications (e.g., AES256).
- Enforce HTTPS: Ensure all app communications use encrypted HTTPS connections.
- Wi-Fi Warnings: Alert users when connecting to untrusted or open networks.
- Disable Auto-Connect: Disable the auto-connect setting on devices to prevent automatic connection to unprotected public networks by accident.
- Regular updates: Regularly update devices software and apps to patch security vulnerabilities.
- Enable MFA: Activate or set up multi-factor authentication to mitigate credential theft.
