Let us consider a scenario in which a smartphone user connects to the Internet to determine whether a bank transaction was successful.
Authors: MAYANK AGGARWAL, SMOBILE GLOBAL THREAT CENTER RESEARCH ENGINEER
Source: Hakin9 3/2010 https://hakin9.org
The user is having a cup of coffee in a cafe that happens to provide a free Wi-Fi hotspot. The user decides to use the free Wi-Fi hotspot to connect to the online bank website and enters account credentials to log in to the site, directly from the browser on the smartphone handset. The user successfully accesses the online bank account and verifies the transaction history. After finishing the work, the user logs out and closes the web page as requested by the online bank website. At this point, the user has no reason to suspect that anything malicious occurred. The user finishes the coffee and returns to the office.

In the current state of the technology surrounding smartphone devices, very few reputable applications even address traditional information security concerns. The reasons why the technology is lacking are wide-ranging, but they lead to one simple conclusion: basic information security capabilities for malware and anomaly detection are limited to signature-based malware detection.

Let us reconsider the same scenario from an attacker's perspective. The attacker visits the same cafe that offers a free Wi-Fi hotspot and decides to use basic host and network identification and enumeration tools on a laptop to enumerate all the active devices connected to the Wi-Fi hotspot. From the results, the attacker notices a MAC address referring to a Nokia smartphone. The attacker knows that there is little to no detection capability present on the overwhelming majority of smartphones in use today, so the owner would likely never find out about a successful man-in-the-middle (MITM) attack. The well-informed attacker carries out a successful MITM attack. In the meantime, the smartphone owner accesses the online bank website and enters the login credentials required to gain access to the banking information.
In this scenario, all of the communication between the smartphone and the online bank site is routed through the attacker's machine, and the attacker can see the login details in plain text as well as capture all the sites accessed by the victim.

Man in the Middle Attack (MITM)

A man-in-the-middle attack intercepts communication between two systems by relaying messages between them. In this attack, the attacker makes an independent connection with each of the two victim machines. The attacker's machine forces the traffic between the victim machines to route through it by sending a false ARP reply to both machines. The attacker can then create new connections and kill existing connections, as well as view and replay anything that is private between the target machines.
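The false ARP replies described above are visible to a passive monitor on the same network. The following is an added example, not part of the original article: it parses ARP payloads and reports when an IP address is claimed by a MAC other than the one first seen. The `ArpWatch` class, the `sample_arp` helper and all addresses are constructed for illustration.

```python
import socket
import struct

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

class ArpWatch:
    """Tracks first-seen IP-to-MAC bindings and reports conflicting claims."""
    def __init__(self):
        self.baseline = {}

    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return []
        _, mac, ip = parsed
        alerts = []
        known = self.baseline.get(ip)
        if known is not None and known != mac:
            alerts.append(("binding-changed", ip, known, mac))
        shared = sorted(i for i, m in self.baseline.items() if m == mac and i != ip)
        if shared:
            alerts.append(("mac-claims-multiple-ips", mac, ip, tuple(shared)))
        self.baseline.setdefault(ip, mac)  # keep the first-seen binding
        return alerts

def sample_arp(mac, ip, oper=2):
    """Constructed test input: ARP payload in which `mac` claims `ip`."""
    sha = bytes.fromhex(mac.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       socket.inet_aton(ip), bytes(6), bytes(4))

def demo():
    # Constructed addresses: gateway .1, phone .20, third host .66
    watch = ArpWatch()
    frames = [("aa:aa:aa:00:00:01", "192.168.1.1"), ("aa:aa:aa:00:00:02", "192.168.1.20"),
              ("aa:aa:aa:00:00:66", "192.168.1.66"),
              ("aa:aa:aa:00:00:66", "192.168.1.1"), ("aa:aa:aa:00:00:66", "192.168.1.20")]
    return [a for mac, ip in frames for a in watch.observe(sample_arp(mac, ip))]
```

Because the baseline is first-seen, a legitimate change such as a DHCP reassignment or a replaced router also raises `binding-changed`, so alerts need confirmation against the known gateway MAC.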