Certified Ethical Hacker (CEH v13) — Question 277

As a security consultant, you are advising a startup that is developing an IoT device for home security. The device communicates with a mobile app, allowing homeowners to monitor their homes in real time. The CEO is concerned about potential Man-in-the-Middle (MitM) attacks that could allow an attacker to intercept and manipulate the device's communication. Which of the following solutions would best protect against such attacks?

Answer options

• A. Use CAPTCHA on the mobile app's login screen.
• B. Implement SSL/TLS encryption for data transmission between the IoT device and the mobile app.
• C. Limit the range of the IoT device's wireless signals.
• D. Frequently change the IoT device's IP address.

Correct answer: B

Explanation

The correct answer is B because SSL/TLS encryption secures the communication channel, preventing eavesdropping and tampering by attackers. Option A does not address communication security, while C and D are ineffective against MitM attacks as they do not encrypt the data being transmitted.