Man-in-the-Middle attacks are top of mind, and many believe they’re the biggest mobile threat. True? Not even close. Read on as we bust this myth with a 3-point assessment that measures how low MiTM risk really is and explain what it takes to prevent MiTM attacks.
There has been a frenzy around Man-in-the-Middle (MiTM) threats to mobile devices in the news, in analyst reports, and in enterprise conversations. Of all the mobile security myths we’ve investigated, this is one of the most baffling. How did it even get started?
When we think of cyber threats across the traditional enterprise, MiTM does not make the top 10, even when considering laptops used remotely or while travelling abroad. So, why would it be such a big deal for mobile? The short answer is that it shouldn’t.
Three Factors for Measuring MiTM Risk
Here’s how MiTM stacks up against other threat vectors using the three main criteria for evaluating and prioritizing mobile threats: frequency, degree of difficulty, and scale of impact.
- Frequency: assessing how often MiTM is actually found in the wild
Unlike malware, risky apps, and OS vulnerabilities, MiTM attacks are hardly ever encountered. In fact, a Fortune 10 CISO recently asked me how real the MiTM threat is. His team tested every Mobile Threat Defense (MTD) solution on the market and was never able to find a MiTM attack in the wild, even while purposely connecting to every public Wi-Fi spot they could find, locally and while travelling. Indeed, one MTD provider estimates that less than 1% of devices encounter man-in-the-middle attacks each year.
Compare that to our Fortune 10 CISO’s search for risky apps and malware. These were immediately found in their environment and live in the app stores. In our analysis of client inventories we see up to 50% of mobile apps have vulnerabilities that pose significant risk to enterprise data and privacy.
Assessment: MiTM attacks are very rare – a tiny fraction of all mobile threats.
- Degree of difficulty: evaluating the anatomy of a MiTM attack
For a MiTM attack to occur, a victim has to be at the wrong place at the wrong time. These attacks are opportunistic: the malicious actor has to be monitoring a particular unsecured network, the victim has to be connected to that network, and the victim has to be using poorly configured apps or devices that expose data in a way that the criminal can intercept and read (think: no encryption). Further, the victim has to be one of your employees with access to sensitive data in order for MiTM to be an enterprise threat. So, yes, a MiTM attack can happen IF and only IF all of the above details fall into place.
Assessment: MiTM attacks are possible, but very difficult to achieve.
- Impact: measuring the blast radius of users and data compromised
Now let’s look at the actual impact of a MiTM attack. Say all the “if” conditions mentioned above actually occur, and one of your employees happens to be using his phone on a vulnerable network in a coffee shop that is being monitored by a bad actor. What is the actual “blast radius” of the attack? How many sensitive transactions will the employee have in that time period? Probably under ten.
When comparing an extremely rare MiTM attack to the significant enterprise data risks that we see every day through mobile apps, we can see that the blast radius is much higher for mobile apps. For example, the Eavesdropper mobile app vulnerability shows that a single SDK used in popular apps in the enterprise exposed over 265 YEARS of sensitive audio recordings, text messages, and private communications by appearing in 1,000+ apps with over 180 million downloads. These included sales discussions, health diagnoses and recruiting calls.
Assessment: MiTM attacks have a fraction of the blast radius of mobile app threats.
Best Practices for Preventing MiTM Attacks
By the time a MiTM attack happens, it’s already a breach – it’s too late to fully eliminate the transfer of sensitive information, to warn the user, trigger a policy, etc. It’s like calling the police after your home’s been burglarized when you could have just locked the door to prevent a theft in the first place.
To learn more about Appthority’s award-winning mobile security solution, get started here.
To prevent MiTM attacks, you need a Mobile Threat Defense solution that can help you provide strong app hygiene and deep analysis to test apps that access sensitive corporate information. With the right tools, you can ensure that only apps that use proper encryption and certificate pinning are approved for use in your environment. Not every MTD solution can provide this level of mobile app analysis, which goes beyond malware detection to include encryption, data destinations and backend server analysis, so be sure to check for this capability.
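One way to sketch the app-vetting check described above, as an added example that is not Appthority's code or part of the original post: it reads an Android Network Security Configuration and reports cleartext traffic, trust in user-installed CAs, and sensitive hosts that have no certificate pin. The sample XML, the host names and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an app's res/xml/network_security_config.xml.
# The pin value is a placeholder, not a real certificate digest.
SAMPLE_CONFIG = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </base-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""


def review_network_config(xml_text, sensitive_domains):
    """Return a list of findings; an empty list means the app passes."""
    root = ET.fromstring(xml_text)
    findings = []
    base = root.find("base-config")
    if base is not None:
        if base.get("cleartextTrafficPermitted") == "true":
            findings.append("base-config permits cleartext traffic")
        # Trusting user-installed CAs lets an interception proxy's CA validate.
        if base.find("trust-anchors/certificates[@src='user']") is not None:
            findings.append("base-config trusts user-installed CAs")
    pinned = set()
    for dc in root.iter("domain-config"):  # also visits nested domain-configs
        names = [d.text.strip() for d in dc.findall("domain") if d.text]
        if dc.get("cleartextTrafficPermitted") == "true":
            findings.append("cleartext permitted for " + ", ".join(names))
        if dc.find("pin-set/pin") is not None:
            pinned.update(names)
    # Simplification: exact host match only; includeSubdomains is not expanded.
    for host in sensitive_domains:
        if host not in pinned:
            findings.append("no certificate pin for " + host)
    return findings


def approve(xml_text, sensitive_domains):
    """Approve the app only when the review produces no findings."""
    return not review_network_config(xml_text, sensitive_domains)
```

A missing `base-config` is not flagged here because the platform default for cleartext traffic depends on the app's target SDK level, which this file does not record.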
Once protected with the right MTD solution, your MiTM exposure is zero, as it would be very difficult to intercept or decipher your encrypted data in motion.
So what do you think now – is Man-in-the-Middle still the biggest mobile threat? Nope. So now you’re free to allocate your budget towards the highest priority mobile threats and invest in tools that protect what matters most — your enterprise data and employee privacy.
Watch and share the video on this mythbuster: https://youtu.be/QNsQv7HZnyQ