Man-in-the-middle attack

This is straightforward in many circumstances; for example, an attacker within range of a Wi-Fi access point hosting a network without encryption could insert themselves as a man in the middle.

Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks.

All cryptographic systems that are secure against MITM attacks provide some method of authentication for messages.

Most require an exchange of information (such as public keys) in addition to the message over a secure channel.

[16] A public key infrastructure, such as Transport Layer Security, may harden Transmission Control Protocol against MITM attacks.

Use of mutual authentication, in which both the server and the client validate the other's communication, covers both ends of a MITM attack.

Attestments, such as verbal communications of a shared value (as in ZRTP), or recorded attestments such as audio/visual recordings of a public key hash[18] are used to ward off MITM attacks, as visual media is much more difficult and time-consuming to imitate than simple data packet communication.

Latency examination can potentially detect the attack in certain situations,[19] such as with long calculations that lead into tens of seconds like hash functions.

Nokia responded by saying that the content was not stored permanently, and that the company had organizational and technical measures to prevent access to private information.