As a security consultant, you are advising a startup that is developing an IoT device for home security. The device communicates with a mobile app, allowing homeowners to monitor their homes in real time. The CEO is concerned about potential Man-in-the-Middle (MitM) attacks that could allow an attacker to intercept and manipulate the device's communication. Which of the following solutions would best protect against such attacks?
The most effective solution to protect against Man-in-the-Middle (MitM) attacks is to implement SSL/TLS encryption for data transmission between the IoT device and the mobile app. SSL/TLS encryption ensures that the data being transmitted is encrypted and cannot be easily intercepted or manipulated by an attacker. CAPTCHA on the mobile app's login screen does not secure data transmission; it only ensures that the user is human. Limiting the range of wireless signals reduces the attack surface but does not secure data. Changing the IoT device's IP address does not protect the data during transmission either.
B. Implement SSL/TLS encryption for data transmission between the IoT device and the mobile app.
If you want to get rid of MiTM, TLS is the way...the only way
I meant B
B. Implement SSL/TLS encryption for data transmission between the IoT device and the mobile app. To protect against Man-in-the-Middle (MitM) attacks, the most effective solution among the ones listed is to B. Implement SSL/TLS encryption for data transmission between the IoT device and the mobile app. This type of encryption ensures that even if an attacker intercepts the communication, they would not be able to decipher the contents, thereby preventing them from manipulating the messages. While CAPTCHAs are useful for verifying that a user is a human, they do not encrypt data transmission. Limiting the range of the IoT device may reduce the attack surface but does not protect data that is transmitted outside that range. Changing the IoT device's IP address might obscure the device from a potential attacker but does not protect the actual data being transmitted.