8 April 2021

Man in the Middle Attacks and Cyrex

With the world growing exponentially online, there has never been more digital connections across the globe. With such a huge increase in connections and interactions, we wanted to discuss the exposure and risks these communication layers entail. As well as how data can be modified on the fly.

Infiltrating the communication layer is done through a Man in the Middle attack. And using these methods, we’ve developed our own tool, “Cyrex Protoceptor”, to emulate these attacks for our penetration testing.

First things first, what is a Man in the Middle attack?

A Man in the Middle (MitM) attack is what it sounds like. When using any kind of platform, you are the ‘client’. The platform itself is the ‘server’, which then receives your communications. The MitM stands between the communication of the client and server.

The Man in the Middle impersonates both sides of the interaction, depending on who they’re talking to. So, as a user, it appears you’re communicating just fine with the server. And the server is sure it’s talking to you, the user. But both are communicating with this unknown actor. This means that everything being communicated is open for them to grab and if they can decrypt it, it’s theirs to take or change.

At Cyrex we use this approach for two reasons. The interception of network traffic and to manipulate the payload of each packet, thus its data.

Man in the Middle and Gaming

Cyrex’ proprietary tool is one that allows us to enact our own MitM attacks during our penetration testing. Tools like this exist already but they only support web traffic. They are able to be used over communications via restful APIs and/or web sockets.

In gaming, however, the actual gameplay’s traffic is almost never over web traffic. Some may include it but once in-game, it is working off a protocol such as TCP or UDP or a mixture.

As specialists in game penetration testing, we designed our tool to be used in partnership with these networking services. Whether custom networking based on TCP/UDP, Unreal or Unity networking and multiplayer services, our tool is designed to work with any existing live services. And should there be a custom protocol, our tool is fully flexible and scalable, able to adapt on a case-by-case basis to ensure you get the best security test possible.

Cyrex Protoceptor

Our team come from a varied background of hacking online games, healthcare applications, financial systems, you name it. We are used to using MitM attacks in the other industries, so why shouldn’t it be used in games?

An anti-cheat won’t catch a MitM attack because it would never be designed to check for it. The attack takes place a whole step beyond an anti-cheat, in the communication layer. An anti-cheat would try to stop modifications to the client-side, whereas our proprietary tool isn’t involved on the client-side. This approach is a lot faster in terms of performance since we aren’t manually modifying functionality on the client, instead we are tampering with the communication layer itself.

We took our knowledge from our past experience and applied it to game security testing.

Our tool is designed to integrate and gain access to the communication layer which allows us to do almost anything. Our main goal is always to validate server-side security controls, so why would we take the time to modify the client-side? Instead, we work on what’s being communicated and find the holes in security that way.

 

Our tool can support any type of network traffic, whether it’s being used in games, IoT devices, or web-based applications. No matter the protocol, our tool can support it. In the event it can’t, we are set to scale, grow, and adapt to your needs. This tool will allow us to pioneer a new level of security in the gaming industry. The unique and streamlined approach to penetration testing via the communication layer will significantly increase the quality and speed of this avenue of testing.

If you’d like to learn more about our penetration testing, you can read about it here! We also have anonymised security reports from previous penetration tests you can view. For any other queries, contact us and we’ll be happy to help.