Term: man in the middle

“Man in the middle” is a phrase used to describe a type of communications vulnerability or attack that can cause sensitive data to be stolen or leaked.

If normal communications are directly between two parties, a man-in-the-middle attack inserts a malicious third party in between that intercepts, potentially modifies, and then forwards all communications without detection.

For example, a man in the middle might intercept communications between a computer user and his bank. Rather than communicating directly with the bank, the user would actually be communicating with the malicious man in the middle without realizing it. That man in the middle would relay the communications on to the bank. Similarly, returned information that would normally be transmitted from the bank to the user would instead first go to the man in the middle, who would relay it on to the user transparently.

To the user, all would appear normal; a successful man-in-the-middle attack is typically not easy to detect.

What distinguishes a man in the middle from simple eavesdropping is that as a side effect of having been inserted into the communications, the man in the middle could potentially modify the information being transmitted.

The validation step of HTTPS connections, which ensures that you are connected to the site you believe you are, is one approach to preventing man-in-the-middle attacks.
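The validation step in practice, as an added example that is not part of the original glossary entry: a Python client configuration that verifies the server's certificate and hostname, beside one with validation turned off, and a check that tells them apart. The function names are illustrative, and `fetch_peer_subject` assumes network access to a host you supply.

```python
import socket
import ssl


def strict_context():
    """Client context that performs the HTTPS validation step."""
    # create_default_context() loads the system trust store and enables
    # both certificate-chain verification and hostname checking.
    return ssl.create_default_context()


def unverified_context():
    """The weak setting: traffic is encrypted, but the peer is never identified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted, including a relay's
    return ctx


def audit_context(ctx):
    """Return the reasons this context would accept a man in the middle."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    return findings


def fetch_peer_subject(host, port=443, timeout=5.0):
    """Connect with validation on and return the certificate subject.

    Raises ssl.SSLCertVerificationError if the chain or hostname check fails,
    which is what a client sees when an untrusted party sits in the middle.
    """
    ctx = strict_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]


if __name__ == "__main__":
    for name, ctx in (("strict", strict_context()),
                      ("unverified", unverified_context())):
        print(name, audit_context(ctx) or "validates the server")
```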
