(also playback attack)
Replay attack definition
A replay attack is when hackers intercept your internet traffic to access your accounts and online profiles. Before launching a replay attack, they need to gain access to your network to eavesdrop on your internet data. The most common way to do this is by implanting malware on the victim’s device or setting up a hotspot. A replay attack falls into the category of man-in-the-middle attacks (MITM).
See also: packet sniffing
How a replay attack works
- A hacker eavesdrops on their target’s network communication. They can do it by implanting a data packet sniffer on the victim’s device or setting up a fake remotely-controlled hotspot.
- The hacker intercepts their target’s data and resends the relevant packets to the server, making it look like the message originated from the victim’s system. They don’t even need advanced skills to decrypt the message after capturing it from the network. They can simply resend it encrypted and still succeed.
- The server sends back a response, and the hacker receives it instead of the intended recipient.
Dangers of a replay attack
- Unauthorized access. Replay attacks allow hackers to access networks where they can get their hands on sensitive information.
- Fraudulent transactions. A threat actor can resend a payment request with modified bank details. If the payer complies, the money ends up in the hacker’s account.
- Car theft. A hacker can scan a signal between a key fob and a vehicle. Resending the coded signal would activate the car’s ignition and allow the attacker to drive it away.
- Denial of service. Replay attacks can also be used to flood a system with duplicate requests, which can overwhelm it and cause it to crash.
- Loss of trust. A successful replay attack can erode the trust between users and systems, as users may become reluctant to use the system again due to security concerns.