Replay Attack 101

In this kind of attack, a hacker intercepts and replays a data transmission, allowing him/her to interact with the victim as though they were the original source.


You may have heard of the “replay attack”. In this article we explain what it is and, more importantly, what you can do to protect yourself from this kind of attack. Read on for details…

Replay attack explained

A replay attack happens when a savvy hacker intercepts and “replays” a secure data transmission, allowing him/her to interact with the receiver as though they were the original sender. Although it sounds complicated, many hackers find it relatively simple to perform and that is scary.

For instance, we could imagine someone trying to log into a website without knowing that someone is intercepting his/her traffic. A hacker notices the action and sends the identical page back to the user, who thinks something’s wrong and that he/she has to log in again. And so he/she does, without knowing that at that moment he/she is handing over his/her credentials (username and password) to the hacker. Then, the user will be redirected to the actual page he/she was looking for and everything will seem fine. Except that it isn’t.

Hackers perform this kind of attack by eavesdropping (so-called “packet sniffing”) on data exchanges being sent through networks. Once they manage to intercept some data, they replay it in the same form, making it hard for unsuspecting users to know that something’s wrong.

In that sense, replay attacks are used to steal usernames and passwords and eventually trick users into sending funds to the hacker.

Now, you may think that this couldn’t occur on services you’re using, as they encrypt users’ passwords. You would be wrong: in that case the hacker won’t get the password, but he/she can repeat the actual authentication and access the site’s resources. This process, in case you wonder, is called the “pass-the-hash attack.”

Because many services realized this could be done, their passwords are now “hashed and salted,” with the latter referring to the practice of adding a unique string of characters known only to the website to each password. The problem here could be that a site reuses the same salt for every password, making the practice less secure.

What can you do to prevent a replay attack?

There are a few things that come to mind:

  • Use two-factor authentication wherever such an option exists; it tends to be present in the most popular services.
  • Also, use a one-time password (OTP) whenever possible – which is the kind of password that can only be used once.
  • Only access secure websites that use the HTTPS protocol (vs insecure HTTP) to encrypt all traffic coming to and from your device.
  • Try to access only Wi-Fi networks you trust. This means your home and office Wi-Fi, as well as Wi-Fi at your (trusted) friends’ homes.
  • If you have to connect to the Internet in a cafe, make sure you’re accessing it with a VPN turned on.
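Why a “password that can only be used once” stops a replay while a hashed password on its own does not, shown from the server’s side. This is an added example, not code from the original article; the salt, the password, the class and function names, and the use of the stored hash as the shared key are all assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: how a site might store one user's password.
SALT = b"per-user-salt"
STORED_HASH = hashlib.sha256(SALT + b"correct horse").digest()

def static_login(sent_hash: bytes) -> bool:
    """Weak scheme: the client sends the salted hash, so the same bytes
    are accepted every time and a recorded copy keeps working."""
    return hmac.compare_digest(sent_hash, STORED_HASH)

class ChallengeVerifier:
    """Server side of a one-time scheme: a fresh random nonce is issued
    per login attempt and each nonce is accepted at most once."""
    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                 # unknown or already used nonce
        self.outstanding.discard(nonce)  # burn it, even if the check fails
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(key: bytes, nonce: bytes) -> bytes:
    """Client proves knowledge of the key for this nonce only."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo():
    recorded = STORED_HASH               # bytes seen on the wire in the weak scheme
    static = (static_login(recorded), static_login(recorded))
    server = ChallengeVerifier(STORED_HASH)  # assumption: hash doubles as shared key
    nonce = server.new_challenge()
    resp = client_response(STORED_HASH, nonce)
    first = server.verify(nonce, resp)       # legitimate login
    same_nonce = server.verify(nonce, resp)  # identical message sent again
    fresh_nonce = server.verify(server.new_challenge(), resp)  # old response, new nonce
    return static, first, same_nonce, fresh_nonce

if __name__ == "__main__":
    print(demo())
```

The one-time scheme only covers the login exchange itself; whatever session token the server hands out afterwards still needs HTTPS to keep it off the wire.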

Hopefully, you will not fall victim to a replay attack, but just in case – make sure to follow the advice provided on this page. Good luck!