Mobile Threat Catalogue

Man-in-the-middle Malicious Website Substitution


Threat Category: Authentication: User or Device to Remote Service

ID: AUT-8

Threat Description: An attacker able to perform a man-in-the-middle attack could intercept a request for a genuine website and return a fake or malicious website that attempts to capture credentials.

Threat Origin

Man-in-the-Middle Attack [1]

Exploit Examples

Using spoofed Wi-Fi to attack mobile devices [2]

CVE Examples

Not Applicable

Possible Countermeasures

Enterprise

To prevent captured authentication credentials from enabling persistent access to sensitive services, configure those services with authentication methods that use unpredictable, replay-resistant one-time cryptographic tokens (e.g., public key authentication, FIDO Alliance protocols, pre-shared access codes).
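
An added example (not part of the catalogue entry) of why a replay-resistant challenge-response token is of no use once captured, and why binding the response to the origin, as FIDO protocols do, also makes a response given to a substituted website fail at the genuine service. It uses an HMAC over a shared key as a stand-in for a public-key signature; the `Service` class, the `sign` helper and the `.example` origins are hypothetical.

```python
import hashlib
import hmac
import secrets


def sign(key, origin, nonce):
    """MAC over the length-prefixed origin and the service's one-time nonce."""
    o = origin.encode()
    return hmac.new(key, len(o).to_bytes(2, "big") + o + nonce, hashlib.sha256).digest()


class Service:
    """Remote service issuing single-use challenges (hypothetical model)."""

    def __init__(self, origin, key):
        self.origin, self.key, self.pending = origin, key, set()

    def new_challenge(self):
        nonce = secrets.token_bytes(32)  # unpredictable, never reused
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce, response):
        if nonce not in self.pending:
            return False  # unknown or already consumed challenge
        self.pending.discard(nonce)  # consume even if the check below fails
        return hmac.compare_digest(sign(self.key, self.origin, nonce), response)


def run_scenarios():
    key = secrets.token_bytes(32)  # constructed enrolment secret
    svc = Service("https://service.example", key)
    # Genuine login: the device signs the origin it is actually connected to.
    n1 = svc.new_challenge()
    r1 = sign(key, "https://service.example", n1)
    genuine = svc.verify(n1, r1)
    # A captured response replayed against the spent and against a fresh challenge.
    replay_spent = svc.verify(n1, r1)
    replay_fresh = svc.verify(svc.new_challenge(), r1)
    # Substituted site forwards a fresh challenge; the device binds the origin it sees.
    n3 = svc.new_challenge()
    r3 = sign(key, "https://substitute.example", n3)
    relayed = svc.verify(n3, r3)
    return genuine, replay_spent, replay_fresh, relayed


if __name__ == "__main__":
    print(run_scenarios())
```

Only the genuine login verifies; a static password, by contrast, would pass in all four cases.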

Mobile Device User

To limit the usefulness of captured passwords, do not use the same password or derivations thereof to authenticate to multiple services.

To increase the difficulty of establishing a MiTM attack on a given wireless access session in which authentication credentials are exchanged, avoid authenticating to sensitive remote services over untrusted Wi-Fi networks.

References

  1. “Man-in-the-Middle Attack”, 31 Aug. 2015; www.owasp.org/index.php/Man-in-the-middle_attack [accessed 8/25/2016] 

  2. D. Richardson, “Using spoofed Wi-Fi to attack mobile devices”, blog, 21 Apr. 2016; https://blog.lookout.com/blog/2016/04/21/spoofed-wi-fi-60-minutes/ [accessed 8/24/2016]