Monthly Archives: December 2020

What is a “man in the middle” attack?

Posted on by

Believe it or not, this post was inspired after listening to an ad on the radio. I’ll let you know which one right at the end (if I remember)

Imagine the scenario. You’ve popped out to lunch and drop in to Costa/Starbucks/favourite coffee shop. Food’s on the way, your lovely Espresso/Cappuccino/Cortado/super sized hotta mocha choca machiato is in front of you and you realise that you’ve not replied to a very important email.

Free Wifi - made with Scrabble tiles

You get your phone out and remember that, despite all the fuss about 5G, your town hasn’t even sorted 4G but you’ve been here before and know the cafe has free Wi-Fi.

List of WiFi networks

You remember that the Wi-Fi’s called “Stephen’s Wi-Fi Network” so that people can find it easily. You search for it, find it and don’t worry that you log-in seamlessly although you do notice that the signal is a little stronger than normal.

You open the email app on your phone, find the mail that really needs the reply and peck one out on your phone’s keyboard, hoping that the message in your phone’s email signature, saying that this was sent from your iPhone, will help overcome your mistypes and slightly terse language.

You’ve still got some coffee left and it’s pay day so whilst sat down you decide to check your bank account to make sure your pay has gone in. It has, and you have more than you thought. Enough to buy that gift for your lovely partner. For security’s sake you haven’t stored your card details in your phone. Out comes your wallet and you add your card details to the order screen. Click “confirm” and the order’s on it’s way

As you get up to leave you spot the homeless looking chap in the corner. He’s got a really tatty looking laptop and you feel sorry for him, until you see he’s got a huge grin on his face – you walk on by and head back to the office.

At the end of the day and you’re shutting everything down when your phone rings. It’s your partner – you’re puzzled, they don’t normally call you at work

You answer and hear tears at the other end. They’ve been shopping, found a lovely winter coat and decided to buy it but their card, which is on a joint account with yours, was declined.

You are confused. When you checked the account at lunchtime there was more than enough to cover the cost of the gift you ordered and this coat………where did all the money go?

You log in to your account and it’s empty. You can see your gift order but have no clue what all the other transactions are, you’ve not ordered anything else – and neither has your partner.

The Man in the Middle

What’s happened is that you logged in to the wrong Wi-Fi network and your data has been stolen. No, it wasn’t the homeless looking chap it was the chap you never really paid attention too because he looked like a businessman. And he was, its just that his business was theft, theft of credit card details like yours.

He had set up his own Wi-Fi network using a portable hot-spot, hidden in his backpack and connected to his laptop AND the cafe’s network to provide the broadband. He’d given it a name that was so close to the one that you were used to that it was easy to log on to it, rather than the “real” one.

The cafe’s Wi-Fi was “Stephen’s Wi-Fi Network” and the “man in the middle’s was “Stephens Wi-Fi Network” so when you logged in, all your data flowed through his hotspot to the cafe’s Wi-Fi network and on to the internet. With his laptop he was able to access everything that passed from your phone through the hotspot, including your card details when you made your purchase and off shopping he went. 

How to avoid the man in the middle

Either be 100% certain that the network you are connecting to really is the network you want to connect to or avoid Wi-Fi hotspots like the plague. I do………unless there’s no other alternative. And in this scenario I only ever browse the web.