Certified Ethical Hacker (CEH v13) — Question 158
As the chief security officer at SecureMobile, you are overseeing the development of a mobile banking application. You are aware of the potential risks of man-in-the-middle (MitM) attacks where an attacker might intercept communication between the app and the bank's servers. Recently, you have learned about a technique used by attackers where they use rogue Wi-Fi hotspots to conduct MitM attacks. To prevent this type of attack, you plan to implement a security feature in the mobile app. What should this feature accomplish?
Answer options
- A. It should require two-factor authentication for user logins.
- B. It should prevent the app from communicating over a network if it detects a rogue access point.
- C. It should prevent the app from connecting to any unencrypted Wi-Fi networks.
- D. It should require users to change their password every 30 days.
Correct answer: B
Explanation
The correct answer is B because preventing communication over a network when a rogue access point is detected directly addresses the risk of MitM attacks conducted through fake Wi-Fi hotspots. Option A enhances security but does not specifically mitigate the risk of MitM attacks. Option C can help but does not address the specific detection of rogue access points. Option D relates to password management rather than the immediate risk of interception.