The Assault From The Man-in-the-Middle
By Sandeep Kasalkar
In a photograph, the man in the middle might always be important, but in this case, it is not just that, it is dangerous, too! A Man-in-the-middle (MITM) refers to a flaw in the popular Ledger hardware crypto wallet programme that researchers discovered way back in 2018. This flaw allowed hackers to change the destination address of bitcoin transactions and divert the victims’ cash to their own wallets. Users who thought hardware wallets like Ledger were the most secure way to hold their digital assets were disappointed by this revelation.
But as the most recent revelation showed, any system that depends on key-agreement protocols and the storing and exchange of secrets is susceptible to man-in-the-middle assaults in some form. The best defence against MITM attacks is to utilise authentication mechanisms that do not require secrets.
How are MITM attacks conducted?
Cryptocurrencies like bitcoin use the blockchain, a distributed ledger of transactions, to transmit and hold funds. Every bitcoin transaction is delivered to a blockchain address that is secured by a set of encryption keys. Any party can send money to an address using a public key that is accessible to everyone, and the address owner can transfer money to other parties using a secret private key.
A malicious actor penetrates two parties’ communication and steals or tampers with the information they communicate in an MITM attack. In the case of the Ledger wallet, malware deployed on the target computer modifies bitcoin transaction destination addresses to include the attacker’s wallet address instead. Users must manually match the address presented on their computer with the one that displays on the Ledger’s display in order to detect and halt the attack.
Passwords, encryption keys, code signing keys, and other sensitive information that we use to identify and authenticate ourselves online have all been stolen by hackers using MITM attacks. Because they give hackers the ability to pass as authorised individuals and carry out extremely harmful deeds like inserting malware into the web pages, data, and programmes that we access and exchange online, MITM attacks are particularly risky.
Role of multi-channel tech to prevent MITM attacks
Man-in-the-middle attackers are aware that we depend on secrets to protect the authenticity of our identities and the confidentiality of our conversations. They will be able to act maliciously on our behalf if they are able to mimic us and obtain access to those secrets.
Hackers would have a more difficult time setting up man-in-the-middle attacks if there were a means to verify yourself, interact, and share information without having to divulge secrets.
Different parties can validate each other’s identities using different platforms which are available in the Market. zero-knowledge authentication without exchanging keys or disclosing sensitive information. Passwords and keys are not stored in the platforms or their apps. Hackers are unable to execute man in the middle attacks without one single point of failure.
Platforms use a multichannel secret sharing technique that authenticates users piecemeal over many channels, such as SSL, Push notification, and encrypted mobile memory, to further protect sensitive processes. This makes it impossible for potential attackers to impersonate the user because they would need to separately compromise each channel.
Many Platforms offer a user-friendly layout that is simple to navigate. The highest level of authentication assurance is maintained without requiring users to recall passwords or go through laborious steps in order to authenticate and authorise operations.
You need to login in order to Like
