Security 101 – Man in the middle attack

This post is the first in a short series of articles about essential concepts in IT security to explain common security flaws in simple, everyday-life terms. This idea developed during an online presentation about IT security in the medical sector.


A man in the middle (MITM) scenario happens, when an unexpected party becomes part of an exchange between to individuals or entities. Let us imagine two friends somewhere in the world are good friends and are writing each other letters from time to time. To make things easier, we will name the two people Alice and Bob, which is a very common choice in information security. When Alice sends a letter to Bob, Bob can read this letter and respond to it by writing his own letter back to Alice. At some point, a malicious third party becomes interested in the communication between Alice and Bob. Let’s stick to common naming and call that malicious party „Eve“ (from eavesdropping). Eve is interested in the communication between Alice and Bob because she hopes to find information that she can use either to gain a personal advantage or to inflict harm on Alice or Bob. Eve decides to wait in front of the house of Bob every morning until the postman arrives and steal the letters from Bob’s mailbox. To stay undetected, she opens the letters (probably using hot steam), reads them, reseals the envelope and puts the letter back into Bob’s mailbox. This scenario works well for letters Bob receives from Alice, but is quite hard for letters Bob sends to Alice. In order to have all information on the exchange, Eve would also need access to the mail Bob sends out to Alice.