Network Attacks

Man in the Middle Attack

A "Man in the Middle" attack often occurs when an access point has minimal or no security. In this attack, a malicious individual obtains access to a network's router and establishes themselves as the new "router". All packets will be first sent to the attacker, the "man in the middle", before they are is sent to their destinations. The attacker can also intercept incoming information, view it, and even modify it before sending it to the user. 

An example of a Man in the Middle attack occurred in February 2015, when Lenovo implemented a SSL certificate authority called Superfish on their products. Superfish allowed ad tracking on websites with SSL connections and modified ad content to better fit the user's purchase history. Unfortunately, Superfish had a vulnerability in their software that allowed attackers to access user browser activity and view all information without encryption. Since the attacker was seen as a trusted authority, because of the verified Superfish certificates, victims could not tell that their information was being stolen. 

War Driving Attack

This attack refers to network attackers who drive through an area looking for vulnerable networks. Since war driving is simply collecting information on networks, it is not illegal; however, war driving often leads to further malicious action. 

Abusing WPS

Routers that are WPS enabled are easily accessible by attackers. The WPS PIN is an 8-digit code that can be cracked in two sets of four numbers independently. This allows an attacker to guess each set of 4-digits in only 10,000 combinations each, making brute-forcing simple.

Network Spoofing

When an attacker spoofs a network, they create a new network that appears identical to a known network, usually at an airport, coffee shop, or hotel. For the unaware user, a network name may appear to be a trusted connection and even require some form of authentication (Accept or Decline statements); when in reality, the attacker has full control of the network.