A Man-in-the-Middle (MitM) Attack involves an attacker intruding on an existing connection, establishing himself or herself as a "man-in-the-middle", or someone able to intercept and selectively modify all network traffic between two communicating devices.
If Alice is attempting to communicate with Bob, a MitM attack on Alice (by attacker Charlie) would occur as follows:
- Charlie redirects Alice’s network traffic destined for Bob to himself.
- Charlie takes note of Alice’s public key used to encrypt her data, and re-encrypts her now unencrypted data with his own public key, sending it to Bob.
- Bob decrypts Alice’s information encrypted with Charlie’s public key (unaware that it isn’t Alice’s key) and sends his reply encrypted with his own public key.
- Charlie receives Bob’s reply to Alice encrypted with Bob’s public key, takes note of it, and re-encrypts Bob’s reply with his own public key, and sends it to Alice.
Alice receives Bob’s message encrypted with Charlie’s public key (unaware that it isn’t Bob’s key), and this process continues, with Charlie able to read and potentially modify any messages sent between Alice and Bob without either one of them knowing.