
Secplicity - Security Simplified

Powered by WatchGuard Technologies

Dear Journal and the Man-in-the-Middle Attack

May 23, 2018 By Milena Babayev

Dear Journal,

This is where my journey begins. 35,000 feet in the air and as soon as he’s able he powers me on, AGAIN. Whatever happened to “Sorry for a delayed reply, I was on a plane!” Come on man, enjoy 9½ hours of uninterrupted time staring into the clouds, reading that in-flight magazine, or better yet catching up on your sleep! Nope, he’s not listening to me as he’s impatiently trying to connect to in-flight Wi-Fi, along with many other passengers on this United flight to London. Yes, he flies United. Does he ever learn anything?!

Did you know that a Wi-Fi attack on an open network can take less than 2 seconds? This is scary! Hello? Are you listening to me? You must know how to use Wi-Fi hotspots securely, and if you must stay connected, can you at least use a VPN connection?! Or better yet, power me down, sit back, relax, and enjoy the flight.

Did you know that the main Wi-Fi network that passengers are supposed to use on this flight is no different from the public Wi-Fi available at any coffee shop, mall, or hotel? I always thought it was a lot more secure, considering all the security measures we must go through to even travel by air. Nope, the network is wide open.

It’s super easy for hackers to use a man-in-the-middle (MitM) attack to eavesdrop on your data as it travels from point A (your laptop for example) to point B (a website) and see which websites you’re browsing, emails that you’re sending and receiving, and passwords that you use to log in to Facebook.

GOOD BOY! He’s logging into the WatchGuard Firebox SSL VPN. I taught him well!

Download A Field Guide to Secure Wi-Fi–Observations From Your Laptop eBook and continue with me on my adventure.

Until next time,

Mac


Filed Under: Editorial Articles, Featured Tagged With: secure wi-fi, secure wi-fi cloud, small business, small business wi-fi, small business wireless, WIPS, wireless intrusion prevention system

Comments

  1. Kurt says

    May 23, 2018 at 12:02 pm

    If they can see your Facebook password, what’s stopping them from seeing the SSL VPN password?

    • Marc Laliberte says

      May 23, 2018 at 2:14 pm

      Most Wi-Fi MitM attacks require that the initial web request is sent over unencrypted HTTP. In normal web browsing, this is common because most users enter a URL without manually specifying whether to use HTTP or HTTPS (e.g. they enter “facebook.com” instead of “https://facebook.com”).

      SSL VPN connections like those to the WatchGuard Firebox, on the other hand, are initiated by special client software (not a web browser) and hard-coded to require TLS. An attacker on the wireless network cannot MitM the connection without triggering obvious TLS warnings like certificate errors. If the victim happily clicks through a certificate error, there really isn’t a whole lot you can do to protect them.

      –Marc

      • Kurt says

        May 23, 2018 at 3:16 pm

        Facebook automatically forwards the user to “https://facebook.com” if only “facebook.com” is entered, so is this a bad example? Many other sites are moving to HTTPS only as well, especially with the new Chrome changes coming into effect soon.

        • Marc Laliberte says

          May 23, 2018 at 3:57 pm

          Ignoring things like HSTS (which can be defeated using domain name redirects), Facebook and other sites use HTTP redirects in their response messages to forward users to the secure version of their site. Here is an example of the request/response headers for a user entering “facebook.com” into their browser.

          **Request**
          Request URL: http://facebook.com/
          Request Method: GET

          **Response**
          location: https://www.facebook.com/
          status: 301

          The browser sees the 301 status code and sends a new request to the destination returned in the “location” header.

          In the case of a MitM attack, the attacker receives the request via HTTP and uses a proxy to send a new request off to the actual Facebook. This proxied connection is redirected to HTTPS and loads no problem on the attacker’s end. The attacker then sends the loaded content back down to the victim over the original channel, no HTTPS needed.

          –Marc

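As an added illustration of the mechanism Marc describes (this is not code from the post or from WatchGuard), the following Python models two defender-side checks: which URL a browser sends first for a bare hostname, and whether a captured exchange shows the expected HTTP-to-HTTPS upgrade and an HSTS header on the secure hop. The exchanges are constructed samples shaped like the headers quoted above; the HSTS host set and header values are assumptions, not captured traffic.

```python
from dataclasses import dataclass, field


@dataclass
class Exchange:
    """One HTTP request/response pair, reduced to what the check needs."""
    url: str
    status: int
    headers: dict = field(default_factory=dict)


def first_request_url(typed: str, hsts_hosts: frozenset) -> str:
    """Return the URL a browser sends first for a bare hostname the user typed.
    Without an HSTS entry the default is http://, which is the MitM window."""
    host = typed.split("/")[0].lower()
    scheme = "https" if host in hsts_hosts else "http"
    return f"{scheme}://{host}/"


def assess(exchanges: list) -> list:
    """Label each exchange: did the cleartext hop upgrade, and is HSTS present?"""
    findings = []
    for ex in exchanges:
        h = {k.lower(): v for k, v in ex.headers.items()}
        if ex.url.startswith("http://"):
            if 300 <= ex.status < 400 and h.get("location", "").startswith("https://"):
                findings.append("upgrade-redirect")    # the 301 shown in the comment
            elif 300 <= ex.status < 400:
                findings.append("redirect-stays-http")
            else:
                findings.append("cleartext-content")   # a 200 over http://: stripped or misconfigured
        elif "strict-transport-security" in h:
            findings.append("hsts-set")                # browser will refuse http:// next time
        else:
            findings.append("hsts-missing")
    return findings


# Constructed samples (assumed values, not captured traffic).
# The first mirrors the request/response headers quoted in the comment.
SAMPLE_NORMAL = [
    Exchange("http://facebook.com/", 301, {"location": "https://www.facebook.com/"}),
    Exchange("https://www.facebook.com/", 200,
             {"strict-transport-security": "max-age=15552000; preload"}),
]
# What a stripped session looks like from the victim's side: content over plain HTTP.
SAMPLE_STRIPPED = [
    Exchange("http://facebook.com/", 200, {"content-type": "text/html"}),
]

if __name__ == "__main__":
    print(first_request_url("facebook.com", frozenset()), assess(SAMPLE_NORMAL), assess(SAMPLE_STRIPPED))
```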

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use