Adversaries may position themselves between networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as Network Sniffing, Transmitted Data Manipulation, or replay attacks. By abusing features of common networking protocols, adversaries force a device to communicate through an adversary-controlled system to collect information or perform additional actions.
Adversaries may also leverage the AiTM position to attempt to monitor or modify traffic, as in Transmitted Data Manipulation. In-vehicle network protocols such as CAN Bus and LIN Bus are also vulnerable to AiTM, which makes the technique a significant threat in the context of vehicle cybersecurity.
This type of attack cannot be easily mitigated with preventive controls because it is based on the abuse of system features.