What is an 'Eavesdropping Attack'

An eavesdropping attack, which are also known as a sniffing or snooping attack, is an incursion where someone tries to steal information that computers, smartphones, or other devices transmit over a network. An eavesdropping attack takes advantage of unsecured network communications in order to access the data being sent and received. Eavesdropping attacks are difficult to detect because they do not cause network transmissions to appear to be operating abnormally.

BREAKING DOWN 'Eavesdropping Attack'

Eavesdropping attacks involve a weakened connection between client and server that allows the attacker to send network traffic to itself. Attackers can install network monitoring software (a sniffer) on a computer or a server to carry out an eavesdropping attack and intercept data during transmission. Any device in the network between the transmitting device and the receiving device is a point of weakness, as are the initial and terminal devices themselves. Knowing what devices are connected to a network and what software is installed on those devices is one way to protect against eavesdropping attacks. Using personal firewalls, updated antivirus software, and virtual private networks (VPN) – and avoiding public networks, especially for sensitive transactions – can help prevent eavesdropping attacks as well.

Public Wi-Fi networks are an easy target for eavesdropping attacks. Anyone with the easily available password can join the network and use free software to monitor network activity and steal login credentials and valuable data that users transmit over the network. This is one way people get their Facebook and email accounts hacked.

Users can sometimes limit their exposure to such attacks by making sure their phones are running the most recent operating system version. However, sometimes users do not have access to the latest software version because the phone vendor does not make it available immediately.

Examples of Eavesdropping Attacks

In May 2011, most Android smartphones were vulnerable to an eavesdropping attack involving authentication tokens sent over unencrypted Wi-Fi networks. Eavesdroppers using a sniffing program called Wireshark could view, steal, modify, and delete private calendar data, contact data, and Picasa Web Album data this way. The attacker could change a victim’s contact data to trick the victim's contacts into sending sensitive data to the attacker.

HTTP should not be used to transmit sensitive information such as passwords or credit card numbers because it is not encrypted and is therefore vulnerable to attack; HTTPS or SSH (secure shell) encryption should be used instead to offer a measure of protection against eavesdropping attacks. However, attackers may still be able to decrypt encrypted communications to gain access to confidential information. In April 2015, at least 25,000 iOS apps were vulnerable to eavesdropping attacks because of a bug in an open-source code library called AFNetworking that could take down HTTPS encryption. The attacker only needed a valid certificate to eavesdrop on or modify an encrypted SSL (secure socket layer) session involving one of the affected apps.

  1. Denial Of Service Attack (DoS)

    A Denial Of Service Attack (DoS) is an intentional cyberattack ...
  2. Zero Day Attack

    Zero Day Attack is an attack that exploits a potentially serious ...
  3. Supply Chain Attack

    A supply chain attack is a cyberattack that attempts to inflict ...
  4. Networking

    Networking is a process that fosters the exchange of information ...
  5. Value Network Analysis

    Value network analysis is the assessment of the members and resources ...
  6. Honeypot

    A honeypot is a security measure used to prevent and dismantle ...
Related Articles
  1. Investing

    Terrorism's Effects on Wall Street

    Terrorist activity tends to have a negative impact on the markets, but just how much? Find out how to take cover.
  2. Financial Advisor

    Don't Hide From The Reality Of How Terrorism Affects The Economy

    After major terror attacks, most people don't want to think about economics. But the post-terror economy affects the lives of the whole world, so it's important to be knowledgeable.
  3. Insights

    Who Stands To Lose (And Gain) From The Paris Attacks

    For every major world event, there are those who stand to lose and those who stand to gain. A look at the short, medium, and long-term impacts of the Paris attacks.
  4. Tech

    SWIFT Attacks: Hackers Strike Again

    The recent SWIFT cyberattack has revealed connections to the earlier Bangladesh and Sony attacks.
  5. Investing

    Security Stocks Up After Global Ransomware Attacks

    Investors bet that companies and governments will spend more to secure their networks.
  6. Personal Finance

    How Cyber Security Risks Impact Your Bank

    Here's how cyber security risks mean for the financial industry and consumers.
  7. Insights

    Top Cyber Security Risks for Financial Advisors

    Cyber crime is on the rise. Here's what advisory firms, big and small, need to be aware of and how to prepare.
  8. Tech

    Protect Your Small Business from Cybercrime

    Small business owners are a growing target for cyber-attacks; protect yourself and your clients.
  9. Investing

    New Cyber Attack Exploits Microsoft Bug, Generates Digital Currency

    Another cyber attack relying on a Microsoft bug is spreading around the globe at the same time the hacking group Shadow Brokers is warning of more pain to come.
  10. Insights

    5 Ways Your Small Business Is at Risk for a Cyber Attack

    Small business owners think they are immune to hacks because of their size, but they are not. When they find the guard is down, hackers are exploiting common weakness.
  1. Is Apple Pay safe and free?

    Learn more about Apple Pay, one of Apple's newest and most metamorphic programs that is changing the way consumers purchase ... Read Answer >>
  2. What Are the Pros and Cons of Online Checking Accounts?

    Learn about the ways an online checking account can save you time and money, but understand the drawbacks before signing ... Read Answer >>
Trading Center