a man-in-the-middle attack (MITM) attack is a general term for a cyberattack where a perpetrator positions himself in a conversation between two parties either to secretly eavesdrop.
or computer security, a man-in-the-middle attack (MITM)
attack is a general term for a cyberattack where a perpetrator positions himself in a conversation between two parties either to secretly eavesdrop, intercept communication or modify traffic traveling between the two. The two parties who believe that they are directly communicating with each other are communicating or sharing information with a third party, making it appear as if a normal exchange of information is underway. The perpetrator must be able to intercept all relevant messages passing between the two victims and inject new ones. In most cases it is easy; for example, an unencrypted WIFI can be used by an attacker to place himself as a middle man in a conversation. MITM attacks are a tactical means to an end to stealing, for example, login credentials or personal information like a private key, spy on the victim, or sabotage communications or corrupt data. encryption
can help protect against MITM. However, successful attackers will either reroute traffic to phishing
sites designed to look legitimate or simply pass on traffic to its intended destination once harvested or recorded, meaning detection of such attacks is incredibly difficult.
As MITMs try to avoid mutual authentication
, it can only succeed when the perpetrator successfully impersonates each endpoint sufficiently enough to make them believe. Endpoint authentication is used by Most cryptographic protocols in an attempt to prevent MITM attacks. For example, TLS can authenticate one or both parties using a mutually trusted certificate of trust. A man-in-the-middle Attack (MITM) should not be confused with meet-in-the-middle Attack