1
00:00:00,260 --> 00:00:02,140
When you talk to your friend on the phone or

2
00:00:02,140 --> 00:00:06,260
meet up with a coworker, you can recognize their voice or face.

3
00:00:06,260 --> 00:00:08,070
But computers aren't that smart.

4
00:00:08,070 --> 00:00:10,430
To them, it's just ones and zeros coming and going.

5
00:00:10,430 --> 00:00:14,110
And this lack of distinction can be exploited.

6
00:00:14,110 --> 00:00:17,940
Someone else can pretend to be Gmail, for example, and trick you and

7
00:00:17,940 --> 00:00:21,680
your computer into thinking you're just logging into your email.

8
00:00:21,680 --> 00:00:24,910
They can even claim to be you to your contacts.

9
00:00:24,910 --> 00:00:28,148
This video explores the general concept of this interception and

10
00:00:28,148 --> 00:00:32,350
impersonation, called man-in-the-middle, and ways to prevent it.

11
00:00:32,350 --> 00:00:37,180
Let's return to our illustration of common Internet traffic inside the coffee shop.

12
00:00:37,180 --> 00:00:38,470
You're on your laptop,

13
00:00:38,470 --> 00:00:43,430
connected to the open WiFi network with other people in the coffee shop as well.

14
00:00:43,430 --> 00:00:47,445
One of those people could be malicious and take control of the coffee shop router.

15
00:00:47,445 --> 00:00:52,241
[SOUND] Maybe the device is shipped with a default admin password that was never

16
00:00:52,241 --> 00:00:52,916
changed.

17
00:00:52,916 --> 00:00:55,120
It happens more often than you might think.

18
00:00:55,120 --> 00:00:59,220
I'm simplifying a bit here, but this malicious user can send a message to

19
00:00:59,220 --> 00:01:03,560
the router to say that their computer's IP address is actually the address for

20
00:01:03,560 --> 00:01:08,430
a given website, http://LocalBank.com, for example.

21
00:01:08,430 --> 00:01:13,510
Now all requests for http://LocalBank.com from that coffee shop will

22
00:01:13,510 --> 00:01:18,630
go to that computer instead, including passwords or other secret information.

23
00:01:18,630 --> 00:01:21,850
Sometimes this can be very difficult to detect.

24
00:01:21,850 --> 00:01:25,870
That malicious user can pass on the traffic to the intended destination,

25
00:01:25,870 --> 00:01:30,450
as well as pass back a response without anyone noticing a difference,

26
00:01:30,450 --> 00:01:33,070
essentially just passively observing.

27
00:01:33,070 --> 00:01:36,966
This is dangerous enough, as now they have your login credentials and

28
00:01:36,966 --> 00:01:38,890
can access your account any time.

29
00:01:38,890 --> 00:01:42,630
But let's say you try to set up two-factor auth for your account.

30
00:01:42,630 --> 00:01:46,440
Your bank verifies it's you with some security questions that the attacker now

31
00:01:46,440 --> 00:01:50,920
knows, and then you give them your phone number for them to text the code.

32
00:01:50,920 --> 00:01:54,000
The malicious user can substitute their own phone number,

33
00:01:54,000 --> 00:01:58,790
receive the texted code and enter it themselves, and then text you the code.

34
00:01:58,790 --> 00:02:00,950
When you attempt to enter the code,

35
00:02:00,950 --> 00:02:03,990
they already have the bank's response ready for you.

36
00:02:03,990 --> 00:02:08,160
This is no longer just passive eavesdropping, now it's active deception.

37
00:02:09,340 --> 00:02:12,850
The man-in-the-middle attack can take many different forms.

38
00:02:12,850 --> 00:02:16,270
The key point here relates back to one of our first videos,

39
00:02:16,270 --> 00:02:18,480
it's all about authenticity.

40
00:02:18,480 --> 00:02:21,220
You want to be certain that the person you are talking to or

41
00:02:21,220 --> 00:02:24,570
the website you are visiting is who they say they are.

42
00:02:24,570 --> 00:02:27,780
How the Internet enforces this concept is usually through HTTPS.

43
00:02:29,720 --> 00:02:35,210
HTTPS is a secure version of HTTP, or Hypertext Transfer Protocol.

44
00:02:35,210 --> 00:02:40,100
These two protocols make up a large portion of how our Internet traffic works.

45
00:02:40,100 --> 00:02:43,130
You can often see a green lock in your browser's address bar for

46
00:02:43,130 --> 00:02:47,340
sites that support HTTPS, like Google or Facebook.

47
00:02:47,340 --> 00:02:51,660
You should consider HTTPS a must for any activity that involves sensitive

48
00:02:51,660 --> 00:02:53,810
information, like purchases or bank logins.

49
00:02:55,310 --> 00:03:01,050
For this last example, if your bank's website is usually https://LocalBank.com,

50
00:03:01,050 --> 00:03:06,380
but for some reason you could only get to http://LocalBank.com at the coffee shop,

51
00:03:06,380 --> 00:03:09,420
then that could be a hint of a man-in-the-middle attack.

52
00:03:09,420 --> 00:03:13,060
Certain browser plugins and tools like HTTPS Everywhere

53
00:03:13,060 --> 00:03:16,800
can force your browser to serve the more secure versions of sites when available.

54
00:03:17,810 --> 00:03:20,780
Another problem with that previous scenario is that you were stuck

55
00:03:20,780 --> 00:03:22,577
with an open WiFi network.

56
00:03:22,577 --> 00:03:25,410
The best solution would be to convince the coffee shop

57
00:03:25,410 --> 00:03:28,400
to add a strong password to their network.

58
00:03:28,400 --> 00:03:32,150
But even networks with shared passphrases are not completely secure.

59
00:03:32,150 --> 00:03:37,160
The next best option would be to use a VPN, or virtual private network.

60
00:03:37,160 --> 00:03:39,882
These are networks that can be set up anywhere,

61
00:03:39,882 --> 00:03:41,933
you can even do it yourself at home.

62
00:03:41,933 --> 00:03:45,968
You would then route all traffic through this network, which you either control or

63
00:03:45,968 --> 00:03:48,620
have considerably more trust in.

64
00:03:48,620 --> 00:03:52,950
It then works very similar to HTTPS, where your traffic is encrypted and

65
00:03:52,950 --> 00:03:54,170
private from eavesdropping.

66
00:03:55,590 --> 00:03:58,950
VPNs can be a bit of an advanced topic, so we won't cover them

67
00:03:58,950 --> 00:04:02,505
any more than to recommend them after some additional research.

68
00:04:02,505 --> 00:04:05,130
Man-in-the-middle attacks are also a bit advanced, but

69
00:04:05,130 --> 00:04:09,650
prevention is relatively simple, and the important takeaway is to consider it well

70
00:04:09,650 --> 00:04:12,810
worth the effort to verify the authenticity of your traffic.