G 0.43

G 0.43 Message Injection

In this form of attack, attackers send specially prepared messages to systems or people with the aim of gaining an advantage for themselves or causing damage to the victim. To construct such messages, attackers draw on, for example, interface descriptions, protocol specifications, or records of past communication behavior.

There are two practically important special cases of message injection:

  • In a “replay attack” (replaying messages), valid messages are recorded and replayed at a later time (nearly) unchanged. It may also be sufficient to use only parts of a message, such as a password, to gain unauthorized access to an IT system.

  • In a “man-in-the-middle attack”, attackers undetectably assume an intermediary position in the communication between different participants. As a rule, the attackers first pretend to the sending party of a message that they are the actual receiving party. Subsequently, they pretend to the receiving party that they are the actual sending party. If this succeeds, attackers can receive messages not intended for them, and evaluate and deliberately manipulate them before forwarding them to the actual receiving party.

Encryption of communication offers no protection against man-in-the-middle attacks if secure authentication of the parties involved in the communication does not take place.

Examples:

  • Attackers record authentication data (such as account name and password) during users’ login process and use this information to gain access to a system. With purely static authentication protocols, an encrypted password can also be used to gain unauthorized access to another system.
  • To cause financial damage to the company, employees submit an approved order multiple times.
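The replay case and both examples above depend on a receiver that accepts the same valid message more than once. The following added example, which is not part of the original catalogue entry, shows a receiver-side check that binds each order to a nonce and timestamp under an HMAC and rejects repeats. The names `sign_order` and `OrderReceiver`, the pre-shared key and the 300-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

MAX_AGE = 300  # seconds a message stays acceptable (assumed policy value)


def _canonical(body):
    # Stable byte encoding so sender and receiver MAC the same input.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_order(key, order, now=None):
    """Sender side (hypothetical helper): add a fresh nonce, a timestamp and a MAC."""
    body = {"order": order, "nonce": secrets.token_hex(16),
            "ts": time.time() if now is None else now}
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "mac": mac}


class OrderReceiver:
    """Receiver side (hypothetical class): accepts each signed message at most once."""
    def __init__(self, key):
        self._key = key
        self._seen = {}  # nonce -> message timestamp, kept while the message is fresh

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        try:
            body = {k: msg[k] for k in ("order", "nonce", "ts")}
            mac = str(msg["mac"]).encode()
            ts = float(body["ts"])
        except (KeyError, TypeError, ValueError):
            return "rejected: malformed"
        expected = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), mac):
            return "rejected: bad MAC"   # modified or forged message
        if abs(now - ts) > MAX_AGE:
            return "rejected: stale"     # recorded message replayed after the window
        # Forget nonces whose messages would now be rejected as stale anyway.
        self._seen = {n: t for n, t in self._seen.items() if abs(now - t) <= MAX_AGE}
        if str(body["nonce"]) in self._seen:
            return "rejected: replay"    # same message submitted a second time
        self._seen[str(body["nonce"])] = ts
        return "accepted"
```

The check addresses replay only; consistent with the statement above on encryption, it does not protect against a man-in-the-middle unless the key is bound to an authenticated party.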