In a man-in-the-middle (or MITM) attack, communication between two devices in a computer network is compromised by a third party – the “man in the middle.” In a passive MITM attack, attackers “tap” the communication, capturing information in transit without changing it. If attackers attempt to modify or tamper with the information itself, they are committing an active MITM attack.
MITM attacks exploit the fact that a computer network can be manipulated in such a way that all network devices send their traffic to the attacker instead of the router or other nodes. A very common way to launch a MITM attack is by creating a fake node on a publicly available computer network, such as a coffee shop’s WiFi network.
Being a man-in-the-middle, the attacker can manipulate the intercepted content as they see fit before relaying it to its intended destination. In most cases, victims of a MITM attack will never be aware that they are under attack.
HTTPS (via SSL/TLS) protects against MITM attacks by encrypting all data with a secret key that is known only to the original client and server. Without knowledge of this secret key, MITM attackers are not able to read or tamper with the encrypted data.
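This protection holds only when the client also verifies the server's certificate and hostname; a client that skips those checks will agree on a secret key with whoever answers the connection. The check below is an added example, not part of the original page: it uses Python's standard `ssl` module, and the function names `mitm_exposure`, `hardened_client_context` and `unverified_client_context` are hypothetical.

```python
import ssl


def mitm_exposure(ctx: ssl.SSLContext) -> list[str]:
    """Return the reasons a client context would accept an interceptor's certificate."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Without chain verification any certificate is accepted, including
        # one generated on the spot by a node sitting in the middle.
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        # A valid certificate issued for a different site would be accepted.
        findings.append("certificate is not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def hardened_client_context() -> ssl.SSLContext:
    """Client settings that keep the HTTPS protection against MITM intact."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def unverified_client_context() -> ssl.SSLContext:
    """Constructed weak configuration, as often left behind by debugging code."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be disabled before verify_mode is lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("unverified", unverified_client_context())):
        findings = mitm_exposure(ctx)
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

Running `mitm_exposure` over the contexts an application builds, for example in a unit test, catches verification that was switched off during development and never restored.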