Jamf Blog
October 25, 2021 by Liarna La Porta

What is a Man-in-the-Middle (MitM) attack?

As part of National Cybersecurity Awareness Month, we are going back to basics to raise awareness around the various threats that affect mobile devices.

Chances are, your mobile device doesn’t have the same security defenses as your work laptop or desktop computer. That’s why it’s important that you, the end user, do all you can to protect yourself from cyber threats. This article will focus on man-in-the-middle (MitM) attacks: how they work, how to recognize that your device’s connection is being intercepted, and what to do next.

What is a man-in-the-middle attack?

A man-in-the-middle attack occurs when the communication between two systems is intercepted, and possibly altered, by a third party, aka a man-in-the-middle. This can happen in any form of online communication, such as email, web browsing, social media, etc.

The man-in-the-middle typically positions themselves on a network you share with them, such as public Wi-Fi, so that your traffic passes through equipment they control. From there they can either listen in on your conversation or inject data into the connection: a tampered web page, a fake login form or a bogus app update that tricks you into handing over credentials or installing something. If that leads to a foothold on the device, the damage they can do is extensive; they can steal credentials, exfiltrate files, install malware or spy on the user.

What are the signs of a man-in-the-middle attack?

A few warning signs that you’re at risk of a man-in-the-middle attack include:

  • Open / public Wi-Fi networks, where traffic between your device and the access point is not encrypted over the air
  • Suspicious SSIDs (Wi-Fi network names) that don’t look right, including look-alikes of a known name that differ only in spelling, case or spacing
  • Evil twin Wi-Fi network attacks imitate known networks, like multiple networks named “StarbucksFreeWiFi” in the same location. In this scenario, one might be fake (often an open network cloned from a protected one) and could be used to hijack user traffic in a MitM attack
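The three warning signs above can be checked mechanically against a Wi-Fi scan. The script below is an added example written for this article, not a Jamf tool: it groups networks by a normalized SSID and flags open networks, look-alike names, and the same name advertised with different security settings or from different hardware vendors (the evil-twin pattern). The scan data is constructed sample input in a simplified (SSID, BSSID, security) form; a real scan would come from the operating system.

```python
"""Check a Wi-Fi scan for the warning signs described above: open networks,
look-alike SSIDs, and the same SSID advertised with different security settings
(the evil-twin pattern). Added example, not Jamf code. SAMPLE_SCAN is
constructed data in a simplified (SSID, BSSID, security) form; a real scan
would come from the OS, e.g. `nmcli dev wifi list` on Linux."""
from collections import defaultdict

# Constructed sample scan. "StarbucksFreeWiFi" is advertised by a WPA2 AP and by
# an open AP from a different vendor, plus a look-alike with different spacing.
SAMPLE_SCAN = [
    ("StarbucksFreeWiFi", "a4:56:02:11:22:33", "WPA2"),
    ("StarbucksFreeWiFi", "de:ad:be:ef:00:01", "OPEN"),
    ("Starbucks Free WiFi", "de:ad:be:ef:00:02", "OPEN"),
    ("CorpNet", "a4:56:02:11:22:40", "WPA2-Enterprise"),   # normal multi-AP deployment
    ("CorpNet", "a4:56:02:11:22:41", "WPA2-Enterprise"),
    ("HomeNet", "00:aa:bb:01:02:03", "WPA2"),
    ("HomeNet", "00:cc:dd:04:05:06", "WPA2"),              # same name, different vendor OUI
    ("Free Airport WiFi", "00:11:22:33:44:55", "OPEN"),
]


def normalize_ssid(ssid):
    """Fold case and whitespace so look-alike names land in the same group."""
    return "".join(ssid.lower().split())


def assess_scan(scan):
    """Return {normalized_ssid: [finding, ...]} for every network worth a second
    look. Groups with no findings are omitted."""
    groups = defaultdict(list)
    for ssid, bssid, security in scan:
        groups[normalize_ssid(ssid)].append((ssid, bssid.lower(), security.upper()))

    findings = defaultdict(list)
    for key, aps in groups.items():
        names = {ssid for ssid, _, _ in aps}
        securities = {sec for _, _, sec in aps}
        # The first three octets of a BSSID identify the hardware vendor (OUI).
        ouis = {bssid[:8] for _, bssid, _ in aps}
        if len(names) > 1:
            findings[key].append("lookalike")        # names differ only in case/spacing
        if len(securities) > 1:
            findings[key].append("mixed-security")   # protected name cloned as an open network
        elif len(ouis) > 1:
            findings[key].append("mixed-vendor")     # several APs, same name, different hardware
        if "OPEN" in securities:
            findings[key].append("open")             # anyone in range can read the traffic
    return dict(findings)


if __name__ == "__main__":
    for ssid, reasons in assess_scan(SAMPLE_SCAN).items():
        print(f"{ssid}: {', '.join(reasons)}")
```

A corporate network with several access points from the same vendor (CorpNet in the sample) produces no finding, which is the expected result for a normal multi-AP deployment; a name that appears both protected and open, or from unrelated hardware, is the case to ask the venue about before joining.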

Once your connection has been intercepted, an attacker can alter the pages and responses your device receives, or insert their own. Here are some signs your connection has already been intercepted:

  • Pop-ups or captive portal pages asking for credentials (a legitimate captive portal asks you to accept terms or sign in to the venue’s portal, not for your email, social media or work password)
  • Login pages that don’t look legitimate, or that load over plain HTTP for a site that normally uses HTTPS
  • Fake software update pop-ups (real OS and app updates arrive through the device’s update mechanism or the app store, not through a web page)
  • Certificate error messages, especially for sites that normally load without one. This is the most direct sign: the attacker is presenting a certificate your device does not trust, and clicking through the warning hands them your traffic

How do man-in-the-middle attacks work?

There are several different MitM attack techniques. Below are some examples:

  • Sniffing: attackers use packet capture tools to inspect traffic. With an ordinary Wi-Fi adapter that supports monitor mode (available for well under $100), they can capture frames addressed to other devices on the same wireless network. On an open network this traffic is readable as-is; on a WPA2-Personal network, anyone who knows the password and captures your join handshake can decrypt it as well
  • Packet injection: the attacker uses the same adapter to inject forged packets into an existing data stream, disguised as part of the legitimate communication, for example to insert a redirect or a fake form into a web page
  • Session hijacking: if an attacker cannot see your password, they can still take over an existing session to an online service, such as a social networking account, by capturing the session cookie or token the site uses to remember that you are logged in
  • SSL stripping: the attacker sits between you and the site, holds the HTTPS connection to the site themselves, and rewrites the links and redirects in the responses so that your device keeps talking plain HTTP to them. You see a working site without the lock icon; they see everything you send. HTTP Strict Transport Security (HSTS) and the Secure flag on cookies exist to limit this
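To make the last two techniques concrete, here is an added example written for this article (not Jamf code, and not a real attack tool) that models SSL stripping in a few lines and shows the two client-side behaviours that defeat it: a remembered HSTS policy, which makes the browser upgrade a stripped http:// link back to https:// on its own, and the Secure cookie attribute, which keeps the session cookie off the plaintext connection so a sniffer cannot hijack the session with it. The site name, headers and cookie are constructed sample data; nothing touches the network.

```python
"""Toy model of SSL stripping and of two client-side defences that blunt it:
a remembered HSTS policy (the browser upgrades http:// to https:// itself) and
the Secure cookie attribute (a session cookie that is never sent over plain
HTTP, so it cannot be sniffed and replayed). Added example for this article,
not Jamf code; all data below is constructed and no network traffic is sent."""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: what the real site sends over HTTPS.
ORIGIN_HEADERS = {
    "Location": "https://bank.example/account",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Set-Cookie": "session=abc123; Secure; HttpOnly",
}
ORIGIN_BODY = '<a href="https://bank.example/login">Log in</a>'


def strip_https(headers, body):
    """What an SSL-stripping proxy does before relaying a response to the victim
    over plain HTTP: every https:// reference becomes http:// so the victim keeps
    talking cleartext to the proxy (which holds the real TLS session to the
    site), and the HSTS header is dropped so the browser is never told to
    insist on TLS."""
    stripped = {}
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            continue
        stripped[name] = re.sub(r"https://", "http://", value, flags=re.I)
    return stripped, re.sub(r"https://", "http://", body, flags=re.I)


class HstsCache:
    """Minimal HSTS store: hosts that told us, over a valid TLS connection, to
    use HTTPS only. Browsers keep this in persistent storage."""

    def __init__(self):
        self.hosts = set()

    def record(self, host, headers, over_tls):
        # Only honour HSTS received over TLS; over HTTP the header could be
        # anything the attacker chose to inject.
        if over_tls and "Strict-Transport-Security" in headers:
            self.hosts.add(host.lower())

    def resolve(self, url):
        """Rewrite http:// to https:// for hosts under a known HSTS policy."""
        parts = urlsplit(url)
        if parts.scheme == "http" and (parts.hostname or "").lower() in self.hosts:
            return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url


def cookies_to_send(set_cookie_header, scheme):
    """Cookies a browser attaches to a request made over `scheme`. A cookie
    flagged Secure is withheld on http://, which is what stops the stripped
    connection from leaking the session token a hijacker would need."""
    parts = [p.strip() for p in set_cookie_header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.lower() for p in parts[1:]}
    if "secure" in attrs and scheme != "https":
        return {}
    return {name: value}


def demo():
    """Run the scenario end to end and return the observable outcomes."""
    cache = HstsCache()
    # Earlier visit from a trusted network, over HTTPS: the HSTS policy is learned.
    cache.record("bank.example", ORIGIN_HEADERS, over_tls=True)
    # Now on hostile Wi-Fi: the proxy strips the response before it reaches us.
    headers, body = strip_https(ORIGIN_HEADERS, ORIGIN_BODY)
    link = re.search(r'href="([^"]+)"', body).group(1)
    return {
        "stripped_location": headers["Location"],
        "hsts_header_survived": "Strict-Transport-Security" in headers,
        "link_as_delivered": link,
        "link_browser_uses": cache.resolve(link),          # known host: upgraded
        "link_on_first_visit": HstsCache().resolve(link),  # never seen: stays stripped
        "cookies_over_http": cookies_to_send(ORIGIN_HEADERS["Set-Cookie"], "http"),
        "cookies_over_https": cookies_to_send(ORIGIN_HEADERS["Set-Cookie"], "https"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The "first visit" case is the gap in HSTS: a device that has never seen the site over HTTPS has no policy to enforce, which is why browsers ship a built-in HSTS preload list and why the advice below to avoid logging in over public Wi-Fi still matters.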

What to do if you think you have been compromised by a man-in-the-middle

So you’ve got a man-in-the-middle snooping on your connection, what now?

  • Switch off Wi-Fi and use a cellular connection instead
  • Switch the connection to your corporate VPN (virtual private network) or ZTNA (zero trust network access) solution, if you have one available
  • Sign out of, and change the password for, any account you used over the suspect connection; that invalidates a session the attacker may have hijacked
  • Watch out for identity theft warnings and put a fraud alert on your credit account
  • Do not log into websites served over plain HTTP
  • Be on the lookout for phishing sites that may have been substituted for trusted webpages

How to protect yourself against man-in-the-middle attacks

Since man-in-the-middle attacks are so difficult to detect, the best remediation is prevention. Stay safe from man-in-the-middle attacks by following this guidance:

  • If you need to do online banking in a public place, turn off your device's Wi-Fi and use a cellular connection instead
  • Use a VPN or ZTNA solution if available
  • Change the configuration settings so your devices don’t automatically join Wi-Fi networks by default
  • Check for encryption: you can tell if a connection is encrypted by looking for https and the lock symbol at the beginning of the URL. The lock only means the connection to the server that sent the page is encrypted and its certificate is trusted; a phishing site can have one too, so also check the domain. Never click through a certificate warning, since that is exactly what a man-in-the-middle produces
  • Don’t do any banking or enter any account login credentials while connected to public Wi-Fi
  • If you must connect to an open Wi-Fi network, have your device ‘forget’ the network afterwards so it doesn’t automatically reconnect later