Certified Ethical Hacker (CEH v12) — Question 190

As a security consultant, you are advising a startup that is developing an IoT device for home security. The device communicates with a mobile app, allowing homeowners to monitor their homes in real time. The CEO is concerned about potential Man-in-the-Middle (MitM) attacks that could allow an attacker to intercept and manipulate the device's communication. Which of the following solutions would best protect against such attacks?

Answer options

• A. Use CAPTCHA on the mobile app's login screen.
• B. Implement SSL/TLS encryption for data transmission between the IoT device and the mobile app.
• C. Limit the range of the IoT device's wireless signals.
• D. Frequently change the IoT device's IP address.

Correct answer: B

Explanation

Implementing SSL/TLS encryption is essential for protecting data transmission between the IoT device and the mobile app, as it secures the communication against interception and manipulation. The other options, such as using CAPTCHA, do not address the specific risk of MitM attacks, while limiting wireless range and changing IP addresses do not provide robust security for the data being transmitted.