Replay attack
(also playback attack)
Replay attack definition
A replay attack is when hackers intercept your internet traffic to access your accounts and online profiles. Before launching a replay attack, they need to gain access to your network to eavesdrop on your internet data. The most common way to do this is by implanting malware on the victim’s device or setting up a hotspot. A replay attack falls into the category of man-in-the-middle attacks (MITM).
How a replay attack works
- A hacker gets access to the user’s network by implanting malware on their device or setting up a fake remotely-controlled hotspot.
- The hacker intercepts the user’s data and resends the same web request to the server, making it look like the data is coming from the user’s browser.
- The server sends back a response, and the hacker receives it instead of the user.
How to prevent a replay attack
- Timestamping your messages. Creating a timestamp will set the server to ignore requests older than the selected time frame. This reduces the window of opportunity for a hacker to eavesdrop, intercept, and resend the message.
- Use one-time passwords. Banks commonly use this method to prevent a replay attack. One-time passwords can only be used once and are then discarded. Using one-time passwords allows banks to authenticate each transaction.
- Use SSL or TLA security protocols. Websites that support SSL or TLS protocols have an added layer of security: the data traveling between a browser and the server is encrypted. That means hackers can’t spy on your session ID or use this information to impersonate you.
Further reading