What is an 'Eavesdropping Attack'

An eavesdropping attack, which are also known as a sniffing or snooping attack, is an incursion where someone tries to steal information that computers, smartphones, or other devices transmit over a network. An eavesdropping attack takes advantage of unsecured network communications in order to access the data being sent and received. Eavesdropping attacks are difficult to detect because they do not cause network transmissions to appear to be operating abnormally.

BREAKING DOWN 'Eavesdropping Attack'

Eavesdropping attacks involve a weakened connection between client and server that allows the attacker to send network traffic to itself. Attackers can install network monitoring software (a sniffer) on a computer or a server to carry out an eavesdropping attack and intercept data during transmission. Any device in the network between the transmitting device and the receiving device is a point of weakness, as are the initial and terminal devices themselves. Knowing what devices are connected to a network and what software is installed on those devices is one way to protect against eavesdropping attacks. Using personal firewalls, updated antivirus software, and virtual private networks (VPN) – and avoiding public networks, especially for sensitive transactions – can help prevent eavesdropping attacks as well.

Public Wi-Fi networks are an easy target for eavesdropping attacks. Anyone with the easily available password can join the network and use free software to monitor network activity and steal login credentials and valuable data that users transmit over the network. This is one way people get their Facebook and email accounts hacked.

Users can sometimes limit their exposure to such attacks by making sure their phones are running the most recent operating system version. However, sometimes users do not have access to the latest software version because the phone vendor does not make it available immediately.

Examples of Eavesdropping Attacks

In May 2011, most Android smartphones were vulnerable to an eavesdropping attack involving authentication tokens sent over unencrypted Wi-Fi networks. Eavesdroppers using a sniffing program called Wireshark could view, steal, modify, and delete private calendar data, contact data, and Picasa Web Album data this way. The attacker could change a victim’s contact data to trick the victim's contacts into sending sensitive data to the attacker.

HTTP should not be used to transmit sensitive information such as passwords or credit card numbers because it is not encrypted and is therefore vulnerable to attack; HTTPS or SSH (secure shell) encryption should be used instead to offer a measure of protection against eavesdropping attacks. However, attackers may still be able to decrypt encrypted communications to gain access to confidential information. In April 2015, at least 25,000 iOS apps were vulnerable to eavesdropping attacks because of a bug in an open-source code library called AFNetworking that could take down HTTPS encryption. The attacker only needed a valid certificate to eavesdrop on or modify an encrypted SSL (secure socket layer) session involving one of the affected apps.

RELATED TERMS
  1. Cybersecurity

    Cybersecurity refers to the measures taken to keep electronic ...
  2. Supply Chain Attack

    A supply chain attack is a cyberattack that attempts to inflict ...
  3. Intrusion Detection System (IDS)

    An Intrusion Detection System (IDS) is a computer program that ...
  4. Man-In-The-Middle Fraud

    A crime where an unauthorized third party obtains a consumer’s ...
  5. Networking

    Networking is a process that fosters the exchange of information ...
  6. Smishing

    The use of SMS (short messaging services) technology to phish ...
Related Articles
  1. Investing

    Android Phones Vulnerable to Wi-Fi Attacks: Report

    Cybersecurity experts say a new kind of attack lets hackers read Wi-Fi traffic, inject malware.
  2. Investing

    New Cyber Attack Exploits Microsoft Bug, Generates Digital Currency

    Another cyber attack relying on a Microsoft bug is spreading around the globe at the same time the hacking group Shadow Brokers is warning of more pain to come.
  3. Tech

    Prevent Employees From Hacking You Computer System

    Cyber security attacks from a current or ex-employee can cause a lot of pain. Here is how to avoid such attacks.
  4. Tech

    Is Making Your Home ‘Smart’ A Dumb Idea?

    Remote-controlled devices and home systems could allow hackers to penetrate your sensitive data, not to mention your premises.
  5. Investing

    Microsoft Brand 'Largely Unscathed' By WannaCry Attack: Report

    The WannaCry cyberattack that swept across the globe earlier in May, exploited a bug in unpatched Microsoft operating systems and it's time to assess whether it caused a dent in the company's ...
  6. Investing

    13 Ways to Invest in Cybersecurity

    Rarely a week goes by without a new media story about data breaches, hacking schemes or cyber attacks impacting individuals, companies and even governments. Four top investment experts who contribute ...
  7. Insights

    What Countries Spend On Antiterrorism

    It would be an understatement to say that no country's anti-terrorism budget has decreased in the last two decades. Here are some hard numbers.
  8. Insights

    6 Ways To Protect Yourself Against Cybercrime

    Cybercrime is becoming more and more serious in the U.S. Here are some ways you can protect your finances from cybercriminals.
  9. Investing

    Credit Suisse Says 'WannaCry' Should Make Microsoft Shareholders Happy

    Microsoft may benefit from the 'WannaCry' ransomware attack that spread over the weekend as it prompts more companies to upgrade to Windows 10.
  10. Investing

    ‘Strong Links’ Tie North Korea to Ransomware Attacks: Symantec

    'Highly likely' that ransomware is linked Lazarus Group crime ring, say cybersecurity experts
RELATED FAQS
  1. What are the most common metrics for evaluating utilities?

    Read about the most common and important methods of evaluating the stocks of utility companies, and learn why regulation ... Read Answer >>
  2. How do real estate agents get listings?

    Learn about how real estate agents get listings in top real estate markets, as well as in smaller areas, through utilizing ... Read Answer >>
Hot Definitions
  1. Bond

    A bond is a fixed income investment in which an investor loans money to an entity (corporate or governmental) that borrows ...
  2. Compound Annual Growth Rate - CAGR

    The Compound Annual Growth Rate (CAGR) is the mean annual growth rate of an investment over a specified period of time longer ...
  3. Net Present Value - NPV

    Net Present Value (NPV) is the difference between the present value of cash inflows and the present value of cash outflows ...
  4. Price-Earnings Ratio - P/E Ratio

    The Price-to-Earnings Ratio or P/E ratio is a ratio for valuing a company that measures its current share price relative ...
  5. Internal Rate of Return - IRR

    Internal Rate of Return (IRR) is a metric used in capital budgeting to estimate the profitability of potential investments.
  6. Limit Order

    An order placed with a brokerage to buy or sell a set number of shares at a specified price or better.
Trading Center