What is it?
Also known as a sniffing or snooping attack, an eavesdropping attack occurs when someone takes advantage of unsafe or unsecure network communications to steal information shared or sent through digital devices. These attacks tend to be successful too, because no abnormalities can be identified in the network transmissions themselves. It can be used to capture everything from important passwords to credit card details and sensitive personal information so it’s something that both businesses and individuals need to take seriously.
How does it work?
To carry out an eavesdropping attack, cyber criminals must take advantage of a weak network connection that will allow them to transfer network signals to themselves. This is done by installing network monitoring software (sniffers) either on a PC or server, that handles the attack and catches the data being transferred. Wi-fi hotspots and websites that do not run over HTTPS are the most common examples of weak or unsecure networks that are vulnerable to eavesdropping.
How can you protect against it?
As we mentioned already, eavesdropping attacks are incredibly hard to detect and as a result, the best protection against eavesdropping is prevention and avoidance. That essentially means taking a proactive approach to your online security. Some top tips to help avoid eavesdropping include using personal firewalls, keeping all antivirus software up to date, using VPNs and avoiding public networks, particularly for sensitive transactions like banking.
Previous examples of eavesdropping attacks…
Wireshark was a sniffing program that caused Android smartphone users a big headache back in 2011. The attack involved authentication tokens which were sent over an unencrypted Wi-Fi network and this allowed Wireshark to view, steal, modify and even delete private data, which in turn meant users could be tricked into handing over more sensitive data directly to the attacker.
iOS users had their fair share of trouble too though, this time in 2015 when over 25,000 iOS apps were vulnerable to eavesdropping attacks thanks to a bug in the open source code library AFNetworking. The bug meant HTTPS encryption could actually be taken down!
So there you have it, a mini overview of eavesdropping attacks and how to avoid them. If you think your business needs better cyber security
don’t rest on your laurels, contact our team