MAN-IN-THE-MIDDLE ATTACKS AND INTERNET OF THINGS

Zoran Čekerevac, Zdenek Dvorak, Ludmila Prigoda, Petar Čekerevac

Abstract


The rapid development of computers and computer software is among the causes of the security vulnerabilities that allow attackers to successfully carry out attacks on users' information systems. The massive spread of the Internet of Things will widen the difference between the current understanding of the Internet, which is reflected in the "dot-com", "social networks" and web of "experience", and the new Internet that will enable new and revolutionary applications with the potential to significantly improve the quality of life. Given that various devices now come with embedded computer components, Internet connectivity, and the ability to communicate with one another, it is realistic to expect that they will be exposed to some variants of the attacks that have been seen in practice so far. This paper analyzes some aspects of "man-in-the-middle" attacks related to the Internet of Things. After a short introduction to the Internet of Things and the "man-in-the-middle" attack, the paper presents the technology of this attack, as well as the benefits that an attacker could gain from a successful attack. It also presents some known examples of successful attacks, the economic consequences of such attacks, and some ways of protecting against these and similar attacks. The conclusion summarizes the whole analysis and offers assumptions about the future development of the Internet of Things and the possible attacks on connected devices.

Keywords


Internet of things, man-in-the-middle, IT, Internet, eavesdropping, ARP poisoning, DNS spoofing, SSL hijacking

Full Text:

PDF (Serbian)
