A man-in-the-middle attack involves a malicious actor intercepting packets sent from a user to a secure application. Once the attacker has intercepted and decrypted a packet, they are free to do whatever they want with its contents: they could steal the user’s password or even manipulate the data.
Below are some common methods hackers use:
Homograph Attacks
Homograph attacks involve tricking users into clicking on links that look very similar to the website they were trying to visit. This can be done by registering domains that use a different character set than the standard ASCII characters. Cybersecurity researcher Xudong Zheng was able to purchase a domain that looks very similar to apple.com. The only difference is that the ‘a’ in apple had a different Unicode value than a typical ‘a’. This was done as a proof of concept, but if a user were to click on that fake apple.com link, they could be sent to a website that very closely resembles apple.com.
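As an added illustration (not part of the original post), here is a small Python check a defender might run over hostnames to surface the lookalike trick Zheng demonstrated: it shows the Punycode (xn--) form that DNS actually resolves, flags labels that mix scripts, and maps a constructed subset of Cyrillic confusables to their ASCII lookalikes. The hostnames and the confusables table are constructed for the example.

```python
import unicodedata

# Constructed subset of the Unicode confusables table (the real table is far larger):
# Cyrillic letters whose glyphs are near-identical to ASCII letters.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
}

# Constructed sample hostnames (not from the original post).
SAMPLE_HOSTS = [
    "apple.com",                              # the genuine ASCII name
    "\u0430pple.com",                         # Cyrillic 'a' (U+0430) + Latin "pple"
    "\u0430\u0440\u0440\u04cf\u0435.com",     # every letter Cyrillic, renders as "apple"
    "b\u00fccher.example",                    # legitimate single-script IDN (German)
]


def scripts_in_label(label):
    """Set of Unicode scripts used by the letters of one DNS label (digits, '-' ignored)."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
            continue
        # The first word of a character's Unicode name is its script, e.g.
        # "CYRILLIC SMALL LETTER A" -> "CYRILLIC".
        scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def analyze_host(host):
    """Describe how a hostname looks to a user versus what DNS actually resolves."""
    lowered = host.lower()
    try:
        punycode = host.encode("idna").decode("ascii")  # the xn-- form DNS sees
    except UnicodeError:
        punycode = None
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in lowered)
    findings = []
    if not lowered.isascii():
        findings.append("non-ascii")
        if any(len(scripts_in_label(lbl)) > 1 for lbl in lowered.split(".")):
            findings.append("mixed-script")
        if skeleton.isascii() and skeleton != lowered:
            findings.append("lookalike-of:" + skeleton)
    return {"host": host, "punycode": punycode, "findings": findings}


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(analyze_host(h))
```

Note that the all-Cyrillic sample passes the mixed-script check, which is exactly why a single-script lookalike slipped past browser heuristics; only the confusables mapping flags it as a lookalike of apple.com.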
SSL Stripping Attacks
SSL stripping attacks occur when a malicious actor downgrades a user’s web traffic from a secure connection (HTTPS) to an insecure one (HTTP). First, the hacker needs to intercept the user’s request. Once the request is intercepted, the hacker contacts the website as if they were the original user. When the website responds, the hacker relays that response to the user unencrypted, and the cycle repeats until the user is done with the transaction. During this time, the hacker can see any information the user sends and may even alter what the user sends to the website if they want.
How Does Helix Handle Man-In-The-Middle Attacks?
Helix is immune to man-in-the-middle attacks. When Helix challenges a user for authentication, the user does not send their password back to Helix. If a man in the middle is listening in on the challenge, they don’t see any credentials; instead, they see responses to the challenge, and those responses do not reveal anything about the user’s credentials.