What Is a Man-in-the-Middle Attack? Security Jargon Explained

Chris Hoffman 17-07-2014

A man-in-the-middle attack is difficult to identify and defend against. MITM attacks generally don’t depend on infecting computers on either end of the system. Instead, they depend on controlling the communications equipment between two systems. For example, a malicious router offering free Wi-Fi in a public location may perform a man-in-the-middle attack.


An Offline Man-in-the-Middle Attack

Man-in-the-middle attacks were around before computers. This type of attack involves an attacker inserting themselves in between two parties communicating with each other. Man-in-the-middle attacks are essentially eavesdropping attacks.

For example, let’s say you’re communicating with someone over physical mail — you’re writing letters to each other. If you had a crazy mailman, they could intercept each letter you mail, open it, read it, and then repackage the letter and send it to your original recipient. The original recipient would then mail you a letter back, and the mailman would open the letter, read it, repackage it, and give it to you. You wouldn’t know there’s a man in the middle of your communications channel — properly performed, this sort of attack is invisible to the participants.

[Image: mail man-in-the-middle attack]

This sort of eavesdropping — taking over a communications channel between two participants and eavesdropping on traffic — is the core of a man-in-the-middle attack. It could be worse than simply reading personal correspondence. If you were sending letters back and forth with business plans, the attacker could intercept that data without you knowing.

The attacker could also modify the messages in transit. Let’s say you send a letter to someone. The man-in-the-middle could add a note to that letter, asking for some sort of favor — maybe they ask the person on the other end to include some cash because you really need money. Sure, the writing might not look identical, but the man-in-the-middle could rewrite your letter word-for-word, add their custom message, and mail the letter to the recipient. As long as the man-in-the-middle was doing this the entire time, the recipient wouldn’t notice that it wasn’t your handwriting. The recipient might write a letter back and mention they included some money, and the man-in-the-middle could keep the money, rewrite their letter — omitting the reference to the money — and send the letter to you. This takes a bit of work in an offline world, but it’s much easier to do this sort of thing online where it can be automated by software.


Online Man-in-the-Middle Attacks

Online man-in-the-middle attacks work in the same way. For example, let’s say you connect to a malicious wireless router — perhaps a router offering free Wi-Fi in a public location. You then attempt to connect to your bank’s website. In the most obvious attack scenario, you’d see a certificate error informing you that the bank’s website doesn’t have the appropriate encryption certificate. This would alert you to a man-in-the-middle attack, but quite a few people might click through this error message. You sign into your bank and perform transactions like you normally would. Everything seems to be fine.

In reality, an attacker could have set up a fake server that appears to be your bank. When you connect to it, it fetches the bank’s web page, modifies it a bit, and presents it to you. You sign in with your account details and those details are sent to the man-in-the-middle server. The server then logs in for you, grabs your account details page, and sends you a copy. Everything may look normal, but really there’s a server sitting in the middle, forwarding data back and forth and eavesdropping on the sensitive information. The certificate problem was the only warning — the man-in-the-middle server wouldn’t have the appropriate security certificate your real bank’s website would.

[Image: expired SSL certificate error in a web browser]

With typical unencrypted HTTP websites — not encrypted HTTPS websites — you’d have no warning of a man-in-the-middle attack. This is why sensitive web pages like account login pages, online banking systems, shopping sites, and email services are usually offered over HTTPS.


A man-in-the-middle attack doesn’t have to depend on you clicking through a certificate warning. The SSLStrip attack tool strips HTTPS from a connection it sits in the middle of, so you’d visit your bank’s website, be redirected to an unencrypted HTTP version, and be compromised if you attempted to log in. The only indication there was a problem would be that your bank’s site was being offered over HTTP instead of HTTPS — something very easy to miss.
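As an added example (not code from the original article), here is a small Python check for the downgrade indicator just described: it walks the redirect hops a browser followed, flags a navigation that began on HTTPS and ended on HTTP, notes whether the site ever sent an HSTS header (the browser-side defence that makes this downgrade fail on later visits), and flags any login form that would post credentials over plain HTTP. The hostname bank.example, the hops and the HTML are constructed sample data.

```python
"""Flag the HTTPS-to-HTTP downgrade an SSLStrip-style attack produces.
Added example, not code from the original article; the redirect chain and
HTML below are constructed samples standing in for what a browser would see."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the user reached the bank over HTTPS, but the
# man-in-the-middle answered with a redirect to plain HTTP and served
# the login form there (the scenario the article describes).
STRIPPED_CHAIN = [
    ("https://bank.example/login", 302, {"location": "http://bank.example/login"}),
    ("http://bank.example/login", 200, {"content-type": "text/html"}),
]
STRIPPED_HTML = '<form action="http://bank.example/session" method="post">'

# Constructed sample of the same page reached without interference.
HEALTHY_CHAIN = [
    ("https://bank.example/login", 200,
     {"content-type": "text/html", "strict-transport-security": "max-age=31536000"}),
]
HEALTHY_HTML = '<form action="https://bank.example/session" method="post">'

class FormTargets(HTMLParser):
    """Collect the action URL of every <form> on a page."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def audit(chain, html):
    """Return findings for one navigation; hops are (url, status, headers) with
    lower-case header names. An empty list means no downgrade indicator was seen."""
    findings = []
    schemes = [urlparse(url).scheme for url, _, _ in chain]
    if "https" in schemes and schemes[-1] == "http":  # the SSLStrip signature
        findings.append("downgrade: navigation started on https but ended on http")
    # Without HSTS a browser would accept the same downgrade on the next visit.
    https_hops = [h for url, _, h in chain if urlparse(url).scheme == "https"]
    if not any("strict-transport-security" in h for h in https_hops):
        findings.append("no HSTS header on any https hop")
    parser = FormTargets()  # a form posting to plain http leaks the password
    parser.feed(html)
    for action in parser.actions:
        if urlparse(action).scheme == "http":
            findings.append(f"form posts to an unencrypted URL: {action}")
    return findings
```

Running `audit(STRIPPED_CHAIN, STRIPPED_HTML)` reports all three indicators, while the healthy chain reports none.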

[Image: check for HTTPS in the address bar]

Other man-in-the-middle attacks could depend on software infecting your computer — for example, malware could hide in the background on your computer, inserting itself between your web browser and the servers it contacts to perform a man-in-the-middle attack on your browser. Such malware should be detectable by good antivirus software, of course.

Defending Against MITM Attacks

MITM attacks are tough to defend against on your end. They generally indicate that a communication channel itself — such as a Wi-Fi router — is compromised. Noticing man-in-the-middle attacks is possible, but the remote server will have to be using HTTPS encryption and you may need a sharp eye. Here are a few tips:


[Image: free public Wi-Fi can be dangerous]

Man-in-the-middle attacks depend on compromising a communications channel. The communication channel will generally be out of your control, so you’ll want to use a different communications channel if you encounter a potential MITM attack. This may mean disconnecting from a suspicious public Wi-Fi network and using a more secure Internet connection.

Image Credit: Andy Rennie on Flickr, Josh McGinn on Flickr, Erin Pettigrew on Flickr
