Man in the Middle Hardware Attacks


An overview of Man in the Middle Hardware Attacks

Imagine this scenario. You’re texting your friend to arrange a time and place to meet. She says 2pm at your local coffee shop, but when you get there, she isn’t there. Maybe she is that friend who is always late, so you wait, but still nothing. An hour earlier, your friend was sitting at the Italian restaurant you both love, waiting for you. Why were you at two different locations at two different times? Well, your conversation was intercepted by a hacker who was able to read your messages and alter them without either of you knowing. This is what is called a man in the middle (MiTM) attack.

Now, of course, you and your childhood friend are not the target of hackers, and they don’t really care where you want to meet. The interception is also, of course, not this simple. However, malicious third parties are using this concept to carry out attacks against organizations or specific individuals. A device is needed to perform the attack, and a variety of products are available for different purposes.


ATMs are a Prime Target for Man in the Middle Hardware Attacks

ATMs are prime targets for MiTM hardware attacks thanks to the abundance of cash stored inside them. One way this attack can be carried out is an ATM black box attack. In this attack, a device (usually containing a Raspberry Pi Zero W computer) is connected between the ATM’s PC and the cash dispenser. This allows the attacker to send cash dispensing commands to the machine.


This type of attack can be challenging, since internal access to the machine is required. Never fear, potential ATM hackers: a simpler way is available and costs only $25 on Amazon (no need for the dark web when it comes to this). This device, known as a GL.iNet, is attached externally to the ATM but provides the same end result.


But ATMs are such a niche target, so why should you even be reading this? Well, ATMs are not the only targets. You might be, too. And no, not for the purpose of finding out your lunch plans. Hackers might want to gain access to the organization you work in and may use you to do so.

Are you Protected against Man in the Middle Attacks?

At this point, you might think that you are protected. After all, in order to access your organization’s devices and network, you need authentication, maybe even biometric authentication. Well, another MiTM attack tool bypasses this, too. A device known as a BeagleBone board is able to circumvent even the most sophisticated forms of biometric authentication, like palm-vein scanners.


Hak5 Hacking Tools

There are plenty more devices that can be used for man in the middle hardware attacks. Hak5 is a company that produces a lot of these hacking tools, such as the Packet Squirrel and the LAN Turtle, among others. These two devices, although differing slightly in functionality, both observe network traffic. A more advanced tool, the WiFi Pineapple, lets hackers mimic preferred networks and, in turn, gather intelligence.


These hardware attack tools, or in other words, Rogue Devices, bypass existing security solutions such as NAC, EPS, IDS, or IoT Network Security. This is due to a lack of Layer 1 visibility, which means that they go undetected. Hence, in order to defend against hardware-based attacks, it is essential to prevent Rogue Devices from being used. Such awareness is even more crucial as hardware-based attacks occur more frequently: 37% of threats were designed for USB exploitation in 2020, nearly double the 2019 figure. Further, as USB usage rose by 30% in 2020, attackers are more likely to be successful.
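As an added illustration of the Layer 1 visibility gap described above (example code written for this page, not code from the original post or from any vendor named in it): a small Python check that compares a host’s USB device inventory against a hardware allowlist and flags anything unexpected, rating an unknown device that presents itself as a network interface highest, since that is how a Pi in gadget mode or a USB-Ethernet implant appears to the host. The allowlist, the vendor/product IDs and the sample `lsusb` lines are constructed for the example.

```python
import re
import subprocess

# Constructed allowlist of (vendor_id, product_id) pairs expected on this host;
# a placeholder baseline for the example, not a real asset inventory.
ALLOWLIST = {
    ("1d6b", "0002"),  # Linux Foundation 2.0 root hub
    ("1d6b", "0003"),  # Linux Foundation 3.0 root hub
    ("046d", "c52b"),  # Logitech Unifying receiver
}
# Description keywords showing a USB device that presents itself as a network
# interface, the way a Pi Zero in gadget mode or a USB-Ethernet implant does.
NETWORK_HINTS = ("ethernet", "rndis", "network")
# Constructed sample in `lsusb` output format, including one unexpected gadget.
SAMPLE_LSUSB = (
    "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
    "Bus 001 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver\n"
    "Bus 001 Device 007: ID 0525:a4a2 Netchip Technology, Inc. Linux-USB Ethernet/RNDIS Gadget\n"
    "Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub\n"
)
LINE_RE = re.compile(r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$")

def parse_lsusb(text):
    """Turn lsusb-style lines into (bus, dev, vid, pid, description) tuples."""
    devices = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            devices.append(m.groups())
    return devices

def find_rogue(devices, allowlist=ALLOWLIST):
    """Return (vid:pid, description, severity) for each device not on the allowlist.
    An unknown device that looks like a network interface is rated high."""
    findings = []
    for _bus, _dev, vid, pid, desc in devices:
        if (vid, pid) in allowlist:
            continue
        network = any(h in desc.lower() for h in NETWORK_HINTS)
        findings.append((f"{vid}:{pid}", desc, "high" if network else "medium"))
    return findings

def scan_host():
    """Run lsusb on the local Linux host and check the result against the allowlist."""
    out = subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout
    return find_rogue(parse_lsusb(out))

if __name__ == "__main__":
    for ident, desc, sev in find_rogue(parse_lsusb(SAMPLE_LSUSB)):
        print(f"[{sev}] unexpected USB device {ident}: {desc}")
```

A check like this only sees what the host enumerates; a device inserted between the ATM PC and the dispenser, or inline on a network cable, never appears here, which is exactly the gap the post is pointing at.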

This blog was not meant to scare you, but to make sure that you are more vigilant about the savvy ways hackers are manipulating you. Who would not want to know about the undetectable, invisible, hidden ways all your information can be obtained by a malicious third party without any way of stopping it? But maybe there is…