Wi-Fi Man-in-the-Middle Attacks: New eBook on What to Know, How to Stop Them

October 05, 2017
Duane Kuroda

Anyone who leaves home with a mobile phone (i.e. everyone) knows it won’t be long before they connect to a wireless network. And when they do, it had better be a trusted and secure choice so they don’t endanger their personal identity or company data. Unfortunately, many organizations are struggling with how to keep their mobile employees, and by extension their data, safe from the wrong hands during Wi-Fi connections. To help, and in the spirit of Cybersecurity Awareness Month, today we released a new eBook entitled “Wayward Wi-Fi: How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk.”

What is a Wi-Fi man-in-the-middle attack?

There are more than 288 million Wi-Fi networks worldwide—and many of those networks pose a serious security risk to mobile device users. Cybercriminals know our digital society runs on our need to constantly seek an internet connection, and they are actively taking advantage of it. While most savvy users know to only join secure networks or create their own hotspot, what many don’t realize is that between 20 and 30 percent of free hotspots are compromised. Of those, “man-in-the-middle” attacks represent the most widespread and dangerous Wi-Fi attack vector.

Simply put, a man-in-the-middle attack is when a malicious actor places him or herself in between you and your internet connection, virtually “intercepting” data sent and received by the unwitting victim. Their goal: steal your usernames, passwords, identities and often inflict financial disaster.

Once the attack is in place, criminals can see everything, including critical passwords and all your email, and can even re-route you to data-stealing websites. They are especially looking for your email credentials because they are the single most sensitive piece of information you have. Once attackers have access to your email account, almost any other account password can be reset: bank account access, social media accounts and more.

Captive Portals, Website SSL Splitting and Stripping—and Content Modification

Our new eBook outlines the various types of man-in-the-middle attacks to make it easy to decipher fraudulent captive portals, website SSL splitting and stripping, and website content modification.

For example, to use an aviation analogy: while most flying is uneventful, takeoff and landing are the most dangerous parts of the trip. Similarly, the most dangerous part of connecting to a Wi-Fi network is at the captive portal. This is when login credentials are captured, identities verified, and in some cases financial transactions made.

And have you ever tried to watch a blacked-out NFL game or free movies on the internet? While possible, those websites bring a hidden penalty of malvertising, pop-up ads and poor security, which add up to serious risk.

Some even require “video player” downloads of one type or another to see the game or movie. You’ve really got to love your team to expose yourself to this much risk, because clicking on these options can effectively deliver your computer to cyber thieves, enabling them to inject malware, redirect you to a phishing site or modify the content you’re seeing.

While those are just a few examples, it’s clear the issue of Wi-Fi attacks will only amplify as more internet-enabled devices hit the market. To download a copy of our new “Wayward Wi-Fi: How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk” eBook, please visit https://www.proofpoint.com/sites/default/files/pfpt-us-ebook-wayward-wifi.pdf. I also encourage security teams to listen to our webinar on Wi-Fi attacks and vulnerabilities. It dives deep into the issue and is based on our global threat intelligence.