What is an 'Eavesdropping Attack'

An eavesdropping attack, which are also known as a sniffing or snooping attack, is an incursion where someone tries to steal information that computers, smartphones, or other devices transmit over a network. An eavesdropping attack takes advantage of unsecured network communications in order to access the data being sent and received. Eavesdropping attacks are difficult to detect because they do not cause network transmissions to appear to be operating abnormally.

BREAKING DOWN 'Eavesdropping Attack'

Eavesdropping attacks involve a weakened connection between client and server that allows the attacker to send network traffic to itself. Attackers can install network monitoring software (a sniffer) on a computer or a server to carry out an eavesdropping attack and intercept data during transmission. Any device in the network between the transmitting device and the receiving device is a point of weakness, as are the initial and terminal devices themselves. Knowing what devices are connected to a network and what software is installed on those devices is one way to protect against eavesdropping attacks. Using personal firewalls, updated antivirus software, and virtual private networks (VPN) – and avoiding public networks, especially for sensitive transactions – can help prevent eavesdropping attacks as well.

Public Wi-Fi networks are an easy target for eavesdropping attacks. Anyone with the easily available password can join the network and use free software to monitor network activity and steal login credentials and valuable data that users transmit over the network. This is one way people get their Facebook and email accounts hacked.

Users can sometimes limit their exposure to such attacks by making sure their phones are running the most recent operating system version. However, sometimes users do not have access to the latest software version because the phone vendor does not make it available immediately.

Examples of Eavesdropping Attacks

In May 2011, most Android smartphones were vulnerable to an eavesdropping attack involving authentication tokens sent over unencrypted Wi-Fi networks. Eavesdroppers using a sniffing program called Wireshark could view, steal, modify, and delete private calendar data, contact data, and Picasa Web Album data this way. The attacker could change a victim’s contact data to trick the victim's contacts into sending sensitive data to the attacker.

HTTP should not be used to transmit sensitive information such as passwords or credit card numbers because it is not encrypted and is therefore vulnerable to attack; HTTPS or SSH (secure shell) encryption should be used instead to offer a measure of protection against eavesdropping attacks. However, attackers may still be able to decrypt encrypted communications to gain access to confidential information. In April 2015, at least 25,000 iOS apps were vulnerable to eavesdropping attacks because of a bug in an open-source code library called AFNetworking that could take down HTTPS encryption. The attacker only needed a valid certificate to eavesdrop on or modify an encrypted SSL (secure socket layer) session involving one of the affected apps.

RELATED TERMS
  1. Cybersecurity

    Cybersecurity refers to the measures taken to keep electronic ...
  2. Denial Of Service Attack (DoS)

    A Denial Of Service Attack (DoS) is an intentional cyberattack ...
  3. Supply Chain Attack

    A supply chain attack is a cyberattack that attempts to inflict ...
  4. Intrusion Detection System (IDS)

    An Intrusion Detection System (IDS) is a computer program that ...
  5. Encryption

    Encryption is a means of securing digital date using an algorithm ...
  6. Cloud Hijacking

    Cloud hijacking is the breaking into or taking over of the cloud ...
Related Articles
  1. Tech

    SWIFT Attacks: Hackers Strike Again

    The recent SWIFT cyberattack has revealed connections to the earlier Bangladesh and Sony attacks.
  2. Investing

    Android Phones Vulnerable to Wi-Fi Attacks: Report

    Cybersecurity experts say a new kind of attack lets hackers read Wi-Fi traffic, inject malware.
  3. Tech

    Bitcoin Gold Hack Shows 51% Attack Is Real

    Bitcoin Gold might be at the receiving end of a 51% attack. If true, this theoretically means a hacker can take control of the cryptocurrency.
  4. Personal Finance

    How Cyber Security Risks Impact Your Bank

    Cyber security has become a paramount concern for the banking sector, but some banks have been hesitant to implement much-needed security measures.
  5. Investing

    How the Paris Attacks Could Impact the Economy

    The horrific terror attacks in Paris will have a ripple effect on comsumer spending and tourism.
  6. Insights

    Top Cyber Security Risks for Financial Advisors

    Cyber crime is on the rise. Here's what advisory firms, big and small, need to be aware of and how to prepare.
  7. Managing Wealth

    Insulating Your Portfolio Against the Impact of a Terrorist Attack

    Advice and strategies to help your investment portfolio hold up against the adverse effects of a terrorist attack on the markets.
  8. Insights

    5 Ways Your Small Business Is at Risk for a Cyber Attack

    Small business owners think they are immune to hacks because of their size, but they are not. When they find the guard is down, hackers are exploiting common weakness.
  9. Investing

    Microsoft Turns to AI to Fight Cyberattacks

    Microsoft is turning to artificial intelligence in the wake of the WannaCry ransomware attacks.
RELATED FAQS
  1. What impact have terrorist attacks had on the insurance industry?

    Learn about the impact of terrorist attacks on the insurance industry and how the 9/11 terrorist attack led to important ... Read Answer >>
  2. How do real estate agents get listings?

    Learn about how real estate agents get listings in top real estate markets, as well as in smaller areas, through utilizing ... Read Answer >>
  3. Who Are Google's Main Competitors?

    Explore Google's different revenue segments and its competitors in each, ranging from Microsoft and Yahoo to Moody's Investor ... Read Answer >>
Trading Center