MEST Journal ISSN 2334-7058 (Online) DOI 10.12709/issn.2334-7058

This paper presents some aspects of the Internet of Things (IoT) and attacks to which IoT may be exposed, above all, the man-in-the-middle (MITM) attack. After a short introduction, which describes the essence of the IoT and the MITM attack, used scientific methods and hypotheses are presented. The next chapters show the technology of MITM attacks and benefits that a successful attack provides to attackers. Here are presented also some of the most important examples of such attacks, which had a wider scope or significant impact on the Internet community. This part of the article ends by analyzing the possibilities of protection of IoT against MITM attacks. In the continuation, based on data available, an analysis of MITM attacks is given from an economic point of view. The conclusions show a summary of the entire analysis with assumptions of the future development of these issues.

Amato, F., & Kirschbaum, F. (2010). evilgrade, 'You still have pending upgrades!'. Retrieved from Defcon: https://www.defcon.org/images/defcon-18/dc-18-presentations/Amato-Kirschabum/DEFCON-18-Amato-Kirschabum-Evilgrade.pdf

AP. (2015, July 27). Jeep Hacking Incident Leads to Fiat Chrysler Recall of 1.4M Vehicles. Retrieved from Claims Journal: http://www.claimsjournal.com/news/national/2015/07/27/264766.htm

Barcena, M. B., & Wueest, C. (2015, Mar 12). Insecurity in the Internet of Things. Retrieved from Symantec: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-insecurity-in-the-internet-of-things-ds.pdf

Cisco. (2016, Dec 16). Different Things Need To Be Protected. Retrieved from Cisco IBSG projections: https://www.cisco.com/c/dam/en_us/about/security/images/csc_child_pages/white_papers/iot-figure1.jpg

Cisco. (n.d.). Threats in Borderless Networks. Retrieved from LearnCisco: http://www.learncisco.net/courses/iins/common-security-threats/threats-in-borderless-networks.html

Covington, M. (2016, Oct 8). Free Wi-Fi and the dangers of mobile Man-in-the-Middle attacks. Retrieved from betanews: http://betanews.com/2016/10/08/free-wi-fi-mobile-man-in-the-middle-attacks/

DuPaul, N. (n.d.). Man in the Middle (MITM) Attack. Retrieved Nov 28, 2016, from Veracode: http://www.veracode.com/security/man-middle-attack

Edwards, R. (2016, Aug 119). Simple Man-in-the-Middle Script: For Script Kiddies. Retrieved from Wonderhowto: http://null-byte.wonderhowto.com/news/simple-man-middle-script-for-script-kiddies-0168192/

Evans, D. (2011, Apr). The Internet of Things - How the Next Evolution of the Internet Is Changing Everything. Retrieved from Cisco - White Paper: http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf

FBI Seattle. (2013, Dec 02). ‘Man-in-the-E-Mail’ Fraud Could Victimize Area Businesses. Retrieved from The Federal Bureau of Investigation - Seattle Division: https://archives.fbi.gov/archives/seattle/press-releases/2013/man-in-the-e-mail-fraud-could-victimize-area-businesses

Gallagher, S. (2016, Oct 21). Double-dip Internet-of-Things botnet attack felt across the Internet. Retrieved from arsTECHNICA: http://arstechnica.com/security/2016/10/double-dip-internet-of-things-botnet-attack-felt-across-the-internet/

Gregg, M. (2015, Dec). How new technologies are reshaping MiTM attacks. Retrieved from TechTarget: http://searchnetworking.techtarget.com/tip/How-new-technologies-are-reshaping-MiTM-attacks

Gregg, M. (2015, 12 11). Six ways you could become a victim of man-in-the-middle (MiTM) attacks this holiday season. Retrieved from The Huffington Post: http://www.huffingtonpost.com/michael-gregg/six-ways-you-could-become_b_8545674.html

How to conduct a simple man-in-the-middle attack. (2014). Retrieved from wonderhowto: http://null-byte.wonderhowto.com/how-to/hack-like-pro-conduct-simple-man-middle-attack-0147291/

Jamie. (2016, Feb 12). Protecting IoT Against Man-in-the-Middle Attacks. Retrieved from Bizety: https://www.bizety.com/2016/02/12/protecting-iot-against-man-in-the-middle-attacks/

Jasek, S. (2016). Gattacking Bluetooth smart devices. Retrieved from blackhat: https://www.blackhat.com/docs/us-16/materials/us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool-wp.pdf

Jasek, S. (2016, Jul-Aug). GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy. Black hat USA 2016 (p. 49). Mandalaya Bay, Las Vegas: Black hat. Retrieved from Black hat: https://www.blackhat.com/docs/us-16/materials/us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool.pdf

Kapil, J., Manoj, J., & Borade, J. (2016). A Survey on Man in the Middle Attack. IJSTE, 2(9), 277-280. Retrieved from http://www.academia.edu/24382368/A_Survey_on_Man_in_the_Middle_Attack

Marlinspike, M. (2014, Feb 18). sslstrip. Retrieved from KaliTools: http://tools.kali.org/information-gathering/sslstrip

Marquess, K., & et al. (2010, Jun 30). Bluetooth specification version 4.0. Retrieved from Bluetooth.org: https://www.bluetooth.org/docman/handlers/downloaddoc.ashx?doc_id=229737

McAfee. (2016). McAfee Labs Threats Report, September 2016. CA: Santa Clara: Intel Security.

Montoro, M. (2014). Cain & Abel. Retrieved from Oxid.it: http://www.oxid.it/cain.html

Ornaghi, A., & Valleri, M. (2015, Mar 14). Ettercap project. Retrieved from Ettercap: https://ettercap.github.io/ettercap/index.html

Sanders, C. (2010, Mar 17). Understanding Man-in-the-Middle Attacks – ARP Cache Poisoning (Part 1). Retrieved from windowsecurity: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part1.html

Sanders, C. (2010A, Apr 7). Understanding Man-In-The-Middle Attacks – Part2: DNS Spoofing. Retrieved from Windowsecurity: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part2.html

Sanders, C. (2010B, May 05). Understanding Man-In-The-Middle Attacks - Part 3: Session Hijacking. Retrieved from Windowsecurity: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part3.html

Sanders, C. (2010C, Jun 9). Understanding Man-In-The-Middle Attacks - Part 4: SSL Hijacking. Retrieved from WindowSecurity: http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Understanding-Man-in-the-Middle-Attacks-ARP-Part4.html

SEC Consult. (2015, Nov 25). House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide. Retrieved from Blog.sec-consult: http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

Simko, C. (2016, Feb 26). Man-in-the-Middle Attacks in the IoT. Retrieved from GlobalSign Blog: https://www.globalsign.com/en/blog/man-in-the-middle-attacks-iot/

Song, D. (2001). dsniff. Retrieved from monkey.org: https://www.monkey.org/~dugsong/dsniff/

Spring, T. (2016, Aug 11). Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable. Retrieved from threatpost: https://threatpost.com/bluetooth-hack-leaves-many-smart-locks-iot-devices-vulnerable/119825/

Watson, W. T. (2016, Oct 28). The “Internet of Things” attacks. Retrieved from Willis Towers Watson Wire: http://blog.willis.com/2016/10/the-internet-of-things-attacks/