A man-in-the-middle attack is one in which an attacker intercepts communication between two systems. It is dangerous because the attacker poses as the original sender. Because the attacker holds the original communication, they can trick the recipient into thinking they are still getting a legitimate message.
Within the Internet of Things, we can imagine a scenario where a malicious party may want to fake temperature data from a monitoring device in order to force a piece of machinery to overheat, thereby halting production. As well as being an inconvenience to the business, this could also lead to physical and financial damage to the operating organization.
Recent Man-In-The-Middle Attacks in the News
There have already been cases where hackers have attacked connected devices such as smart cars. Several lawsuits have recently been filed against major vehicle manufacturers claiming that their cars are defective due to a lack of proper security safeguards. For example, there was the hacking of a Jeep Cherokee back in July, which caused a major recall by Chrysler Corporation. Unless these important security safeguards are put in place and rigorously tested, hackers may be able to access and control the vehicles' basic functions, such as brakes, steering and acceleration, which could be highly dangerous. A modern connected car may be connected to multiple networks including:
- Wired Automotive Ethernet
Being connected to multiple networks at the same time is also an added risk. There have to be multiple security layers in place to protect each one from compromise.
The key to mitigating this risk for all modern vehicle manufacturers is to implement a layered security approach, such as mobile or device authentication and secure end-to-end network security, using cryptography or SSL encryption within the vehicle’s CAN (Controller Area Network). Using SSL-encrypted data between a vehicle’s CAN and any wireless or wired connections will make it much more difficult to hack.
Hacked vehicles are an obvious cause for concern, but the dangers presented by apparently harmless devices such as the "smart fridge" also warrant equal attention. The thought of a hacker gaining control of your refrigerator may be less frightening than them taking control of your smart car, but these connected “things” can act as a gateway to much more sensitive and personal information. A great example is the recently exposed man-in-the-middle vulnerability of a Samsung “smart fridge” that allowed the hacker access to linked Gmail login information. With the majority of people using the same passwords for most accounts, the hacker could have easily gained access to multiple accounts with a single piece of information.
Ways to Prevent Man-In-The-Middle Attacks
Digital Certificates for the 'things'
The best possible way to avoid a man-in-the-middle attack is to use a strong encryption method between the client and the server. In this case the server authenticates a client's request by presenting a Digital Certificate that is then validated, and only then can the connection be established.
IoT manufacturers should have identity and authentication in mind when producing devices and sending them out to market. Because a man-in-the-middle attack is all about sending fake information and posing as a device to another device or person, you need a way to prove that devices and people really are who they say they are when they communicate with each other.
Digital Certificates can be installed on every device as a way to prove identity. The problem comes when a manufacturing company has to issue hundreds of thousands, maybe millions of certificates to devices and also manage the issuance, revocation and lifecycle of each of these certificates. A management solution provided by a Certificate Authority such as GlobalSign would potentially solve this problem as high volume deployment can be managed in the cloud and the manufacturer can save time and money in the process.
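To make certificate-based device identity concrete, here is an added example (not GlobalSign code or any vendor's implementation) using Python's standard `ssl` module: a device context that encrypts without validating certificates, the corrected device and server contexts for mutual authentication, and a small audit function that flags the settings that leave a connection open to interception. The certificate file paths are hypothetical parameters.

```python
import ssl

def weak_device_context():
    """Constructed 'before' case: traffic is encrypted, but the server
    certificate is never validated, so an interceptor's certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def hardened_device_context(ca_file=None, cert_file=None, key_file=None):
    """Device side: validate the server's chain and hostname, and present the
    device's own certificate. The file paths are hypothetical placeholders."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def hardened_server_context(ca_file=None, cert_file=None, key_file=None):
    """Server side: refuse any device that cannot present a certificate
    issued by the trusted CA (mutual TLS)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def audit_context(ctx, is_server):
    """Return the settings on ctx that allow a man-in-the-middle to pose
    as the peer; an empty list means none were found."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not is_server and not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol older than TLS 1.2 allowed")
    return findings

if __name__ == "__main__":
    print("weak device:    ", audit_context(weak_device_context(), False))
    print("hardened device:", audit_context(hardened_device_context(), False))
    print("hardened server:", audit_context(hardened_server_context(), True))
```

Running `audit_context` over the contexts a device firmware or gateway actually builds is a quick way to catch a disabled validation setting before it ships.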
Digital Certificates for VPNs
Another method to prevent a man-in-the-middle attack is by using an encrypted Virtual Private Network (VPN). A VPN is a communication tunnel between two or more devices. To secure this tunnel you can encrypt everything that goes in and out of it. When encrypted, the attacker won't be able to read the data when they monitor the communications. In this case, the VPN will need a Digital Certificate and then all the devices it communicates with will need a certificate with a public and private key. During communication, required keys are swapped in a handshake and all data remains encrypted until it reaches its final destination.
GlobalSign solutions for mitigating attacks
GlobalSign is an identity services company providing cloud and on-premise Identity and Access Management, SSL and PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions. Our identity platform allows enterprises to deploy secure eServices, manage employee and extended enterprise identities, and automate PKI deployments for the hyper-connected world of mobile devices, users and machines. GlobalSign offers solutions, including Digital Certificates, that meet the security needs for preventing man-in-the-middle attacks, as well as other potentially damaging security events.