- Type of network-based attack where valid data transmissions are maliciously or fraudulently re-broadcast, repeated, or delayed
- Involves intercepting data, analyzing it, and deciding whether to retransmit it later
Different from a Session Hijack
- In a Session Hijack, the attacker alters real-time data transmission
- In a Replay Attack, the attacker intercepts the data and then can decide later whether to retransmit the data
Applications of Replay Attacks
- Not limited to banking; can occur in various network transmissions
  - Email
  - Online shopping
  - Social media
- Common in wireless authentication attacks, especially with older encryption protocols like WEP (Wired Equivalent Privacy)
Credential Replay Attack
- Specific type of replay attack that involves capturing a user’s login credentials during a session and reusing them for unauthorized access
Preventing Replay Attacks
- Use session tokens to uniquely identify authentication sessions
  - A fresh session token is generated for each session, which makes it difficult for an attacker to replay a captured session
- Implement multi-factor authentication to require additional authentication factors, making replay more difficult
  - With multi-factor authentication in place, a captured credential alone does not give the attacker the additional factor needed to replay the login session
- Implement security protocols like WPA3 (Wi-Fi Protected Access 3) to mitigate replay attack threats
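As an added illustration of the session-token idea above (example code, not part of the original notes): the server issues a one-time nonce per authentication attempt, the client answers with an HMAC over that nonce using a shared secret (the secret, the time window and the `ReplayGuard` class are all constructed for this example), and the server rejects any response whose nonce has already been redeemed or has expired, so a recorded exchange cannot simply be re-sent.

```python
import hashlib
import hmac
import secrets
import time

# Constructed for this example only; a real deployment derives a per-user secret.
SHARED_SECRET = b"example-shared-secret-not-for-production"
WINDOW_SECONDS = 30  # how long an issued challenge stays valid


class ReplayGuard:
    """Server side: hand out single-use challenges and accept each at most once."""

    def __init__(self, now=time.time):
        self.now = now          # injectable clock so expiry can be tested offline
        self.issued = {}        # nonce -> time it was issued
        self.used = set()       # nonces already redeemed (prune in production)

    def issue_challenge(self):
        nonce = secrets.token_hex(16)  # unpredictable, so it cannot be guessed
        self.issued[nonce] = self.now()
        return nonce

    def verify(self, nonce, tag):
        issued_at = self.issued.get(nonce)
        if issued_at is None:
            return "unknown-nonce"            # never issued by this server
        if self.now() - issued_at > WINDOW_SECONDS:
            return "expired"                  # too old, even if never used
        if nonce in self.used:
            return "replayed"                 # same capture sent a second time
        expected = hmac.new(SHARED_SECRET, nonce.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"                  # wrong secret or tampered response
        self.used.add(nonce)                  # burn the nonce on first success
        return "ok"


def client_respond(nonce):
    """Client side: prove knowledge of the secret for this specific challenge."""
    return hmac.new(SHARED_SECRET, nonce.encode(), hashlib.sha256).hexdigest()


def demo():
    clock = [1000.0]
    guard = ReplayGuard(now=lambda: clock[0])
    nonce = guard.issue_challenge()
    tag = client_respond(nonce)
    first = guard.verify(nonce, tag)        # genuine login -> "ok"
    second = guard.verify(nonce, tag)       # recorded exchange re-sent -> "replayed"
    late = guard.issue_challenge()
    late_tag = client_respond(late)
    clock[0] += WINDOW_SECONDS + 1          # delayed retransmission -> "expired"
    third = guard.verify(late, late_tag)
    return first, second, third
```

Run `demo()` to see the three outcomes in order; the expiry check means even a nonce that was never redeemed cannot be held back and submitted later.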