The rate of cyber attacks has increased many-fold in the past decade. Some common types of cyber attacks are SQL injection, buffer overflow attacks, denial-of-service attacks and session hijacking.
A Man-in-the-Middle (MITM) attack is a kind of session hijacking in which a malicious actor inserts himself into a conversation between two parties, impersonates both of them and gains access to the information the two parties were trying to send to each other. A man-in-the-middle attack allows the attacker to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either party knowing until it is too late.
Let’s take a scenario.
Suppose you’re sitting in a coffee shop or an airport, connected to the Wi-Fi and checking your emails. If someone is able to connect their device to the same router (in most cases the connection is physical) and is well versed in session hijacking, then they can read whatever data you’re exchanging with the server, even if the router is using the WPA2 encryption protocol.
The basic reason session hijacking works is that both HTTP and HTTPS are stateless protocols.
Apart from the theoretical definition, let’s see how this is used in session hijacking.
Any time you visit a website, the flow is like this:
- You get connected to a server.
- You retrieve information.
- The connection gets terminated.
But wait, how is this possible? Take the case of Facebook: you log in to your account, and after you are logged in the connection gets terminated?
So in that case, if we want to go from our home page to a friend’s profile, or even simply refresh the page, the site shouldn’t remember who we are (our profile credentials), since our connection with the log-in page has already been terminated.
Or consider that you have added 4 items to your cart on Amazon. Once you have retrieved your cart items, your connection with the Amazon server is terminated, so when you move to the checkout page it shouldn’t remember who you are, your cart items, and so on.
But normally nothing like that happens, because this is where browser cookies come into play: they remember all our stateful information. So now you must have understood the importance of cookies and why it is necessary to have them encrypted.
Now that we understand the stateless nature of HTTP and HTTPS, it is clear that if someone can somehow get hold of someone else’s cookie, they can easily impersonate that person, and that is how session hijacking works.
You must have noticed that when you change your Facebook password or try to deactivate your account, it first asks for your old password before proceeding. This is because if your session gets hijacked, then apart from your cookies the hacker also needs to know your password to perform any damaging operation.
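Since the whole attack rests on getting hold of the session cookie, the first thing a defender should check is how the site sets that cookie. The following is an added example, not code from the original article: it parses Set-Cookie header values (constructed sample data, hypothetical names) and flags session-looking cookies that lack the Secure, HttpOnly and SameSite attributes that limit where the cookie is sent.

```python
# Added example (not from the original article): audit Set-Cookie headers
# for the attributes that keep a session cookie off plain-HTTP connections
# and away from page scripts. All header values here are constructed.
from dataclasses import dataclass, field
from typing import Optional, List

# Hypothetical name fragments that suggest a cookie carries session state.
SESSION_HINTS = ("session", "sess", "sid", "auth", "token")


@dataclass
class CookieReport:
    name: str
    secure: bool
    httponly: bool
    samesite: Optional[str]
    issues: List[str] = field(default_factory=list)


def parse_set_cookie(value: str) -> CookieReport:
    """Split one Set-Cookie header value into its name and attribute flags."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Bare attributes such as "Secure" have no value; record them as True.
        attrs[key.strip().lower()] = val.strip() or True
    samesite = attrs.get("samesite")
    return CookieReport(
        name=name,
        secure=attrs.get("secure") is True,
        httponly=attrs.get("httponly") is True,
        samesite=samesite if isinstance(samesite, str) else None,
    )


def audit_cookie(value: str) -> CookieReport:
    """Report missing protections on a cookie whose name looks session-related."""
    report = parse_set_cookie(value)
    if any(h in report.name.lower() for h in SESSION_HINTS):
        if not report.secure:
            report.issues.append("missing Secure: also sent over plain HTTP")
        if not report.httponly:
            report.issues.append("missing HttpOnly: readable by page scripts")
        if report.samesite is None:
            report.issues.append("missing SameSite: sent on cross-site requests")
    return report


if __name__ == "__main__":
    for header in ("sessionid=abc123; Path=/",
                   "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"):
        r = audit_cookie(header)
        print(r.name, "OK" if not r.issues else r.issues)
```

The first constructed header is the weak setting (the cookie would travel in the clear to any HTTP URL on the site); the second is the hardened form that sites serving over HTTPS should use.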
There are many tools that have been used to execute session hijacking. Some of them are:
- WhatsApp Sniffer
Interactions Susceptible to MITM Attacks
- Financial sites — between login and authentication
- Connections meant to be secured by public or private keys
- Other sites that require logins — where there is something to be gained by having access
Other Forms of Session Hijacking
Other forms of session hijacking similar to man-in-the-middle are:
- Evil Twin
How to Protect Yourself from MITM Attacks
- Encrypt data traffic between the two endpoints. HTTPS, which uses SSL/TLS (a practical implementation of cryptography), provides that feature.
A very helpful article describing how to add an SSL certificate to your website: https://spacetechquest.com/technology/add-ssl-certificate
- Use HTTPS Everywhere, a Chrome extension that automatically switches thousands of sites from insecure HTTP to secure HTTPS.
- Use public-key and private-key cryptography or one-way encryption.
- Use SSH (Secure Shell).
SSH is another protocol that lets us create a secure shell from one computer to another. When you SSH into a remote machine you get a terminal window in which you can run commands, i.e. applications that execute on the remote machine. Basically the remote machine runs an SSH server, we log into it as a client and execute commands there, and all the information we send over SSH is secured. It also uses the concept of public and private keys mentioned above. We can also use port forwarding and dynamic port forwarding, which is a proxy over SSH, so that nobody can look into our otherwise unencrypted packets because they are encrypted inside the SSH tunnel.
So even though we have so many ways of protecting ourselves, there is still a chance of cyber attacks. In the end we need to rely on our common sense before taking things for granted, and make sure the sources we exchange information with are trustworthy.
So next time you see someone sitting at the airport, or anywhere else, with a setup like this:
Disconnect from the Wi-Fi immediately, before it’s too late. Make sure to stay safe, especially when using public Wi-Fi!