Man-in-the-middle attack

Control Cockpit detects potential man-in-the-middle attacks based on modified device certificates and blocks affected devices.

Control Cockpit monitors the integrity of the secure connection to a device using the device's certificate. If the certificate of a device changes unexpectedly, Control Cockpit evaluates this as a potential man-in-the-middle attack. In this case, Control Cockpit displays a red security warning and blocks access to the affected device.

Typical triggers

A warning about a possible man-in-the-middle attack can be caused by real attacks, but also by legitimate changes.

Typical causes are:

Network settings on the Control Cockpit machine were changed,
concurrent security software is running on the Control Cockpit machine,
the network topology has changed (for example, IP addresses or new or modified switches or routers).

In products such as TeamConnect Bar or TeamConnect Ceiling, apparent false alarms may occur after a factory reset if the public key changes as expected.