Eavesdropping Attack

DEFINITION of 'Eavesdropping Attack'

An incursion where someone tries to steal information that computers, smartphones, or other devices transmit over a network. An eavesdropping attack takes advantage of unsecured network communications in order to access the data being sent and received. Eavesdropping attacks are difficult to detect because they do not make network transmissions appear to be operating abnormally.

Also called a sniffing or snooping attack.

BREAKING DOWN 'Eavesdropping Attack'

Eavesdropping attacks involve a weakened connection between client and server that allows the attacker to direct network traffic to a system under the attacker's control. Attackers can install network monitoring software (a sniffer) on a computer or a server to carry out an eavesdropping attack and intercept data during transmission. Any device in the network between the transmitting device and the receiving device is a point of weakness, as are the initial and terminal devices themselves. Knowing what devices are connected to a network and what software is installed on those devices is one way to protect against eavesdropping attacks. Using personal firewalls, updated antivirus software, and virtual private networks (VPNs), and avoiding public networks, especially for sensitive transactions, can help prevent eavesdropping attacks as well.

Public Wi-Fi networks are an easy target for eavesdropping attacks. Anyone with the easily available password can join the network and use free software to monitor network activity and steal login credentials and valuable data that users transmit over the network. This is one way people get their Facebook and email accounts hacked.

In May 2011, most Android smartphones were vulnerable to an eavesdropping attack involving authentication tokens sent over unencrypted Wi-Fi networks. Eavesdroppers using a sniffing program called Wireshark could view, steal, modify, and delete private calendar data, contact data, and Picasa Web Album data this way. The attacker could change a victim’s contact data to trick the victim's contacts into sending sensitive data to the attacker.

HTTP should not be used to transmit sensitive information such as passwords or credit card numbers because it is not encrypted and is therefore vulnerable to attack; HTTPS or SSH (Secure Shell) encryption should be used instead to offer a measure of protection against eavesdropping attacks. However, attackers may still be able to decrypt encrypted communications to gain access to confidential information. In April 2015, at least 25,000 iOS apps were vulnerable to eavesdropping attacks because of a bug in an open-source code library called AFNetworking that could defeat HTTPS encryption. The attacker only needed a valid certificate to eavesdrop on or modify an encrypted SSL (Secure Sockets Layer) session involving one of the affected apps.

Users can sometimes limit their exposure to such attacks by making sure their phones are running the most recent operating system version. However, sometimes users do not have access to the latest software version because the phone vendor does not make it available immediately.
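
The AFNetworking case above, where "a valid certificate" was enough, can be illustrated by a client that verifies the certificate chain but not the host name the certificate was issued for. The following is an added example, not code from AFNetworking or from the original article; it assumes the failure is a skipped host-name check, and the host names, sample certificates and function names are constructed for illustration.

```python
import ssl

# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
SITE_CERT = {"subjectAltName": (("DNS", "api.shop.example"), ("DNS", "*.cdn.shop.example"))}
OTHER_CERT = {"subjectAltName": (("DNS", "unrelated.example"),)}  # valid, but for another name


def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or a single '*' standing for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*" and len(p) > 2:  # never honour '*.com'-style patterns
        return p[1:] == h[1:]
    return p == h


def client_accepts(cert: dict, host: str, chain_trusted: bool, check_hostname: bool) -> bool:
    """Model of a TLS client's decision once the certificate chain has been evaluated."""
    if not chain_trusted:
        return False
    if not check_hostname:
        return True  # flaw: any trusted certificate passes, whatever name it was issued for
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(n, host) for n in names)


def make_context(check_hostname: bool) -> ssl.SSLContext:
    """Real ssl context: the default checks chain and name; the flag can drop the name check."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = check_hostname
    return ctx


def binds_identity(ctx: ssl.SSLContext) -> bool:
    """True only if the context verifies the chain AND the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


if __name__ == "__main__":
    host = "api.shop.example"
    print("name check off:", client_accepts(OTHER_CERT, host, True, False))
    print("name check on: ", client_accepts(OTHER_CERT, host, True, True))
    print("default context binds identity:", binds_identity(make_context(True)))
```

When reviewing client code, binds_identity() is the property to look for: a context that keeps CERT_REQUIRED but has check_hostname switched off still encrypts traffic, yet does not prove who is on the other end.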