On the Octopus Blog, we take a keen interest in the most prevalent hacks used by cybercriminals today.
Understanding the science and methodology behind these attacks can help users be better prepared and equipped to protect their data and digital identities.
Among the more nefarious techniques employed by hackers, the Man-in-the-Middle (MITM) is a particularly nasty one.
A well-executed attack lets an unauthorized actor intercept, and in many cases read or alter, the communications between two parties. The same position can also be used to deliver malware-infected files and applications that appear to come from legitimate sources.
In this post, we'd like to focus on one of the lesser-known variants of MITM: the man-in-the-browser (MITB).
The Ultimate Trojan Horse Scheme
In principle, man-in-the-browser is similar to other MITM attacks in that it puts the attacker between the two entities exchanging data. What makes man-in-the-browser unique is where the attacker sits and how they get there.
A standard MITM attack works by placing the attacker on the network path between the victim and the server, for example on a rogue Wi-Fi access point or through ARP or DNS spoofing, and, where the connection is encrypted, tampering with the key exchange so that the attacker ends up holding the session keys. The whole attack happens in transit, between the victim's browser and the legitimate online system he or she is trying to reach; the two endpoints themselves are untouched.
In a man-in-the-browser attack, on the other hand, the hacker installs malicious software, a Trojan horse, on the victim's computer. The Trojan hooks into the browser itself, so the attacker can read and modify everything the user sends and receives, after TLS has been removed on the way in and before it is applied on the way out. To understand the distinction, think of it as the difference between someone intercepting a letter as it passes between sender and recipient (MITM) and someone controlling what the sender writes in the first place (man-in-the-browser).
Because a man-in-the-browser operates inside the user's own browser, behind the security mechanisms that protect the connection (the URL bar, the padlock and the certificate all still belong to the genuine site), rather than in the public exchange a regular MITM relies on, it is much harder to prevent, identify and clean up.
How is MITB Implemented?
Since a man-in-the-browser requires Trojan malware on the target computer, attackers typically use phishing to get their victims to install it. Once the Trojan has infected the system, the attacker knows every site the user visits. Many Trojans built for man-in-the-browser go further and inject extra input fields into the web pages the user loads (the so-called web inject), so the victim types a card PIN or a one-time password into what looks like the bank's own form, and the Trojan grabs the submitted data before the browser encrypts it.
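As an added example (not code from the original post or from any actual Trojan), the JavaScript below models the web inject and form grab described above as plain string rewriting of the page the victim really requested. The target URL, page markup, inject rule and submitted form body are all constructed for illustration; the three-part before/inject/after rule shape loosely follows the web-inject configuration format the Zeus family popularised, and the server-side `unexpectedFields` check is a defensive idea added here, not something the post describes.

```javascript
// Added example: a man-in-the-browser "web inject" and form grab, modelled
// as string rewriting of a page the victim legitimately loaded.
// The URL, page, rule and form body are constructed for illustration.

// One inject rule. A real banking trojan's config holds many of these, keyed
// by target URL. Semantics used here: replace whatever sits between `before`
// and `after` with `inject`.
const INJECT_RULES = [
  {
    url: /^https:\/\/bank\.example\/login/,               // constructed target
    before: '<input type="password" name="password">',
    after: '<button type="submit">',
    inject: '<label>Card PIN <input type="text" name="pin"></label>',
  },
];

// Runs inside the browser after TLS has been removed, so the HTML is
// plaintext. The URL bar and the padlock still show the genuine site.
function applyWebInjects(url, html, rules = INJECT_RULES) {
  let out = html;
  for (const rule of rules) {
    if (!rule.url.test(url)) continue;
    const start = out.indexOf(rule.before);
    if (start === -1) continue;
    const from = start + rule.before.length;
    const to = out.indexOf(rule.after, from);
    if (to === -1) continue;          // anchor missing: leave the page alone
    out = out.slice(0, from) + rule.inject + out.slice(to);
  }
  return out;
}

// Form grabbing: the trojan hooks the browser's send path and reads the POST
// body before encryption, so the injected field and the real password are
// available together in the clear. (Only the parsing step is modelled.)
function grabFormFields(postBody) {
  return Object.fromEntries(new URLSearchParams(postBody));
}

// Server-side check a defender can run: the legitimate form never asked for
// `pin`, so a submission carrying it is a signal worth alerting on.
function unexpectedFields(submitted, expectedNames) {
  const expected = new Set(expectedNames);
  return Object.keys(submitted).filter((name) => !expected.has(name));
}

// Constructed login page, as served by the genuine site.
const LOGIN_PAGE =
  '<form action="/login" method="post">' +
  '<input type="text" name="username">' +
  '<input type="password" name="password">' +
  '<button type="submit">Sign in</button>' +
  '</form>';

function demo() {
  const tampered = applyWebInjects('https://bank.example/login', LOGIN_PAGE);
  const grabbed = grabFormFields('username=alice&password=hunter2&pin=1234');
  return {
    tampered,
    injected: tampered.includes('name="pin"'),
    grabbed,
    flagged: unexpectedFields(grabbed, ['username', 'password']),
  };
}

console.log(demo());
```

The point to take from `applyWebInjects` is that nothing about the connection changed: the page came from the real server over real TLS, and only the copy sitting in the victim's browser was altered. That is why certificate pinning or HSTS do not help against this class of attack, and why `unexpectedFields` looks at the submission itself rather than at the transport.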
Out of Band is Out of Browser (OOB)
Because they are so hard to detect once an infection has occurred, and potentially devastating to users if left unidentified, there is only one reliably effective way to deal with the threat of man-in-the-browser and other sophisticated MITM attacks: prevention.
Out-of-band (OOB) authentication uses an external device as an authentication factor. The verification step leaves the browser entirely, so a man-in-the-browser, which sees only what passes through the browser, cannot gather all the credentials required for access.
This is what gives cryptographic push authentication its security edge. Authentication messages travel between the server and the user's device over an out-of-band channel, so a man-in-the-browser never sees them and cannot intercept them. Furthermore, on the user's end, push removes the burden of remembering and typing one-time passwords; all that is required is a response to a verification message.
Secret Double Octopus's password-less mobile Multi-Factor Authenticator (MFA) uses out-of-band authentication by turning the user's mobile phone into a high-assurance cryptographic device. It is built on Secret Double Octopus's patented technology, which leverages an information-theoretically secure Secret Sharing scheme, and is designed to block not only man-in-the-browser attacks but other variants of the man-in-the-middle attack as well.