A replay attack happens when cybercriminals eavesdrop on secure network communications, intercept them, and change them to make the receivers do what they want. What makes it more dangerous, though, is that it does not require advanced hacking skills when the target messages are not encrypted.

You can compare it to fraudsters who steal mail from your mailbox (a service provider bill), open it, replace its content (the account details where payment should be sent with those that point to an account under the attackers’ control), and resend it via the same postal office like nothing happened.

To better understand what a replay attack is, consider the scenario below.

How Does a Replay Attack Work?

Let us say Sandra wants to prove her identity to Vince. Vince will ask for her password as proof of her identity. Sandra provides what Vince requests. Without their knowledge, Alicia is eavesdropping on their conversation and keeps Sandra’s password. When the exchange ends, Alicia pretends to be Sandra and communicates with Vince. When asked for her proof of identity, Alicia sends Sandra’s password, which Vince accepts, thus granting Alicia access.

Take a look at the following illustration showing how a replay attack works.

[Illustration: how a replay attack works]

What Are Real-World Examples of Replay Attacks?

Over the years, we have seen various real-world replay attacks. Here are some of them.

Remote Vehicle Unlocking

While the widespread use of key fobs to unlock many of today’s vehicles has made life more convenient for users, it has also made cars vulnerable to simple replay attacks.

Auto thieves can place a device that receives and transmits radio waves within the target vehicle’s range. The device jams the unlock signals while receiving and storing them for future use. Once the owner leaves, the attackers can open the car and steal it.

Text-Dependent Speaker Verification

You have probably seen this attack in several movies where the bad guys record the target’s spoken password. They can then easily open doors that require the victim to speak his password into a voice recognition system.

How Can You Prevent a Replay Attack?

Given the simplicity of launching a replay attack, many victims have succumbed to it. It is, however, preventable. Here are some tried-and-tested ways to do that.

Encrypting Data

Encrypting data is ideal for keeping messages sent via email confidential. Data encryption requires using an encryption key. Each message sent is encrypted or locked, ensuring that only the person with the decryption key can open it. That way, even if hackers intercept the message, they cannot open it since they do not have the key.

Note, though, that today’s attackers are more advanced than their forebears, and some can break encryption. Random session keys or codes that are only valid for a single transaction and cannot be reused were introduced as a countermeasure.

Timestamping Messages

Another replay attack preventive measure is to timestamp all messages. To do that, you can set a time limit between message sending and receiving. That prevents hackers from modifying a message sent and resending it since all communications transmitted after the limit is reached are invalidated.

Using One-Time Passwords

Most of our financial transactions are protected by using one-time passwords (OTPs). An OTP only works for a single transaction. Once used, it is automatically discarded. That way, even if attackers intercept the communication and record the password, they can’t use it because you already have.

Employing Digital Signatures

Another prevention technique is using digital signatures, or electronic encrypted stamps of authentication, on digital information like emails, macros, or electronic documents. These signatures confirm that the information originated from the signatures’ owners and has not been tampered with.

Digital signatures make it easy for receivers to authenticate if the senders are really who they claim to be.

Using Random-Session Keys

You can also minimize replay attacks with random session keys that are time-specific. These change with time, making it difficult for attackers to trick receivers using old messages.

There are more complex measures, of course, but those mentioned above are the most commonly used.
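
As an added example (not part of the original page), the receiver-side check below combines three of the measures above: a time limit on messages, a random single-use value, and message authentication. It uses an HMAC with a shared key as a stand-in for a digital signature; the function names, the 30-second window, and the sample key are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

MAX_AGE_SECONDS = 30  # assumed time limit between sending and receiving

def _tag(key, ts, nonce, body):
    # JSON list encoding keeps the three field boundaries unambiguous.
    data = json.dumps([ts, nonce, body]).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_message(key, body, now=None):
    # Sender: bind a timestamp and a random single-use nonce to the body.
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(16).hex()
    return {"ts": ts, "nonce": nonce, "body": body, "tag": _tag(key, ts, nonce, body)}

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        # 1. Integrity: a changed body, timestamp or nonce fails here.
        expected = _tag(self.key, msg["ts"], msg["nonce"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        # 2. Freshness: messages outside the time limit are invalid.
        if abs(now - msg["ts"]) > MAX_AGE_SECONDS:
            return "rejected: stale"
        # 3. Single use: a fresh message whose nonce was already seen is a replay.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE_SECONDS}
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"

def demo():
    key = b"constructed-demo-key"  # constructed sample key, not a real secret
    rx = Receiver(key)
    msg = make_message(key, "unlock door", now=1000)
    tampered = dict(msg, body="unlock vault")
    # first delivery, resend inside the window, resend after it, altered copy
    return [rx.accept(msg, now=1005), rx.accept(msg, now=1010),
            rx.accept(msg, now=1100), rx.accept(tampered, now=1005)]
```

The timestamp alone would still let a captured message through if it is resent inside the window, which is why the receiver also remembers nonces until they expire.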

Key Takeaways

  • A replay attack happens when cybercriminals eavesdrop on secure network communications, intercept them, and change them to make the receivers do what they want. It’s dangerous because it doesn’t require advanced hacking skills, particularly when the target messages aren’t encrypted.
  • Replay attacks are employed in remote vehicle unlocking and text-dependent speaker verification, among many others.
  • You can prevent replay attacks by encrypting data, timestamping messages, using OTPs, employing digital signatures, and using random-session keys.