WiFi Man in the Middle Attacks fully explained

With cyber crime on the rise and thousands of different malware families (Petya, new Petya, WannaCry and the like) in circulation, it seems that safety has become just a word: virtually impossible to attain and yet easily lost.

Proof that this could not be more true comes in the form of another threat, a packet sniffing and spoofing technique ready to take eavesdropping to the next level.

WiFi Man in the Middle is an attack that, if done correctly, is virtually impossible to detect, which is why it has been one of the more dangerous attacks in cyberspace in recent years.

Designed to steal the data exchanged between two endpoints (that is, users), WiFi Man in the Middle impersonates one or both of the endpoints and captures the information transmitted between these legitimate users.

But how does it really work technically speaking?

The attacker sends forged ARP messages. The idea behind these hoaxed messages is to convince the end users to update their routing data accordingly, which in turn lets the WiFi Man in the Middle attacker instruct the users' machines that the correct MAC address for the given IP address will, from now on, be the MAC address of the attacker's machine.

This puts the WiFi MitM attacker in possession of all the traffic the user transmits.

However, the Man in the Middle attacker does not stop there.

He does the ARP spoofing again, this time against the router, instructing the router to send all the traffic destined for the user straight to his machine.

The circle has been closed: the Man in the Middle has been inserted so that all traffic to and from the end user has to pass through the attacker.

This basically means that the WiFi MitM attacker can forward the data transmitted to the user, change it completely, or keep it to himself.
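As an added example (not part of the original article), here is a small Python detector for the symptom the two ARP spoofing steps above leave behind on the wire: an IP whose MAC binding suddenly changes, and one MAC that claims both the gateway's IP and a victim's IP. The ARP replies, IP addresses and MAC addresses are constructed sample data, and the function names are my own.

```python
from collections import defaultdict

# Constructed ARP replies as (sender_ip, sender_mac) pairs, in the order a
# listener on the cafe network might see them. All addresses are made up.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:aa:aa:aa:aa:01"),   # the real gateway announces itself
    ("192.168.1.20", "bb:bb:bb:bb:bb:20"),  # Bob's laptop
    ("192.168.1.77", "cc:cc:cc:cc:cc:77"),  # a third host, still behaving normally
    ("192.168.1.1", "CC:CC:CC:CC:CC:77"),   # that host now claims the gateway's IP
    ("192.168.1.20", "cc:cc:cc:cc:cc:77"),  # ...and Bob's IP, towards the router
]
GATEWAY_IP = "192.168.1.1"  # assumed gateway address for the sample network


def detect_arp_spoofing(replies, gateway_ip):
    """Replay ARP replies and return alert tuples for the two MitM symptoms.

    ("mac_changed", ip, old_mac, new_mac): an IP's binding flipped to a new MAC,
        which is what a poisoned ARP cache entry looks like from the victim side.
    ("gateway_mac_shared", mac, other_ips): one MAC claims the gateway IP and at
        least one other IP, the two-sided spoof described in the article.
    A real deployment would feed this from a packet capture and allow-list known
    NIC replacements; here the input is the constructed list above.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()  # MACs compare case-insensitively
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(("mac_changed", ip, previous, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        others = mac_to_ips[mac] - {gateway_ip}
        if gateway_ip in mac_to_ips[mac] and others:
            alerts.append(("gateway_mac_shared", mac, tuple(sorted(others))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, GATEWAY_IP):
        print(alert)
```

The first three replies produce no alerts; the fourth and fifth each raise both a binding change and a shared-gateway-MAC alert.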

An example of how it really works

Let’s simplify it. Imagine Bob, Cynthia and Mandy. Cynthia wants to intercept the message that Bob sends to Mandy.

Bob is of course in the local café, drinking latte and using the oh-so-desired FREE WiFi.

Prior to sending Mandy a message, Bob needs to know her public key (part of a public-key cryptography system that lets a message be encrypted and then decrypted again).

He sends a request for Mandy's public key. She responds, and while the information is in transit here comes Cynthia, intercepting the message and obtaining Mandy's public key.

Once in possession of Mandy's public key, she can ask for Bob's public key as well under the guise of Mandy, and send another encrypted message.

All the while Bob is completely clueless, believing that it is Mandy that he is talking with. 

When Cynthia receives Bob’s public key, she takes over the communication between Mandy and Bob, deciphering all the messages received and encrypting all the messages sent.

She becomes an omnipresent entity, fully aware of everything that’s going on between Mandy and Bob. But that’s not all.

She becomes a deciding factor, the one steering the conversation in the direction she chooses, changing the messages between Bob and Mandy.

Yes, she becomes an Internet God, or better to say the Goddess, in control of everything ready to play with the lives of Bob and Mandy.  

The attack just explained is a likely scenario and can be performed by any WiFi MitM attacker who is on the same broadcast domain as you.

This basically means that while you are blissfully sipping a hot cup of Joe and taking advantage of that free Starbucks WiFi to browse the Internet, send messages to friends, receive new messages, check emails, update your cover photo and so on, there might be someone sitting right next to you, eavesdropping on everything that you are doing.

And not just eavesdropping, but rather changing the messages you send or the ones you receive.

The same scenario might also happen right in your house, when you connect directly to your home connection (Roadrunner and the like).

Just imagine what your neighbor MitM attacker might know about you!