Man-in-the-Middle (MitM) attack is one of many techniques that cyber-thieves use to purloin your data. This term is also known as a janus attack or a fire brigade attack.In this attack, an attacker places himself in between a visitor and a web site, impersonating both.
The recent Heartbleed bug is probably the most discussed OpenSSL vulnerability to date. This bug makes MITM more dangerous.even when HTTPS is on an hacker can link a MITM attack with a stolen certificate to steal valuable data.
The recent MITM attack
Last March The mobile apps of credit report provider Credit Karma and movie ticket seller Fandango have exposed millions of consumer’s sensitive personal information, including credit card details.
Apple’s recent security flaw and Android’s VPN flaw reminded us that even the major operating systems make mistakes that put you at risk, as iOS and Android failures allowed attackers to steal both users’ encrypted and unencrypted communications.
How to defend yourself against MITM ?
To prevent such MITM attacks is, to never connect to open WiFi routers directly. If you wish to so, you can use a browser plug-in such as HTTPS rather than the URL’s read HTTP or ForceTLS. These plug-ins will help you establishing a secure connection whenever the option is available.
Enabling a virtual private network (VPN) is another solution that can avail in some cases. This elongates a private network across a public network to encrypt your entire traffic.However this approach has some limitations this type of solution won’t protect a mobile device on a public Wi-Fi network.
Make sure to keep an eye on sensitive online accounts, especially banking and email, for suspicious activity.people increasing uses mobile apps for sensitive transactions.IIn order to provide the best protection for sensitive data, organizations and individuals should invest in a comprehensive mobile security solution. While many companies claim to offer mobile aegis, very few can actually forfend your bank accounts and personal data from network and on-contrivance attacks.