Replay Attack: Definition, Examples & Prevention

Instructor: Beth Hendricks

Beth holds a master's degree in integrated marketing communications, and has worked in journalism and marketing throughout her career.

Replay attacks involve the interception - and retransmission - of data in an attempt to get access to data, systems, or transactions. In this lesson, you'll learn more about these attacks and how to prevent them.

Play It Again

Tracy is standing in line at the drugstore, waiting to pay for her items. As she approaches the checkout counter, she pulls out her phone to pay with her mobile wallet. She holds her phone close to the credit card terminal, waits for it to ''ding,'' and then collects her bags and leaves.

A replay attack can be used to steal credit card data.

A few days later, Tracy sees multiple charges on her credit card's website that she doesn't recognize. Her bank tells her it appears that her credit card number has been compromised. All of the mystery transactions took place the afternoon of her stop in the drugstore.

Bad news! Tracy has been the victim of a replay attack - one where a hacker was able to intercept her credit card data using a hidden device attached to the retailer's credit card machine. Since she's never heard of it, Tracy decides to learn more about replay attacks and how to prevent them from happening again. Let's read the information she was able to compile.

What's A Replay Attack?

A replay attack happens when a hacker detects secure network communication or data transmission, intercepts it, and then retransmits it (or ''replays'' it) as if it were their own. The idea is to try and trick the person on the other end. In the example above, a hacker was able to intercept Tracy's credit card data and then retransmit it over the internet to make fraudulent purchases.

Replay attacks can come in many forms, not just those related to credit card usage. Think about an email conversation between an accounting supervisor and a payroll clerk. The payroll clerk emails the accounting supervisor about moving some money between accounts and asks for the password to do so. The supervisor responds with the necessary credentials. Unbeknownst to either of them, a hacker has captured the conversation between the two. When the hacker resends the message to the accounting supervisor later, it looks authentic. That's because it is! The genuine message is simply being replayed by the hacker, who is hoping to trick the recipient into parting with sensitive data or granting access to information that is not easily accessible.

Prevention Methods

There are a number of methods that can work to thwart replay attacks.


First, consider implementing one-time passwords for sensitive communications. One-time passwords expire either after they've been used or after a short period of time. Either way they are useful for ensuring that important transactions or communications are only taking place between the intended parties.
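The following added example, which is not part of the original lesson, shows one way a receiver can enforce the "used once or expired" rule: each message carries a random one-time value and a timestamp, both covered by an HMAC. The class name, the shared demo key, the sample message and the 30-second window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

TTL_SECONDS = 30  # assumed validity window for a one-time value


class OneTimeVerifier:
    """Accepts each authenticated message once, and only while it is fresh."""

    def __init__(self, key: bytes, ttl: int = TTL_SECONDS):
        self._key = key
        self._ttl = ttl
        self._seen = {}  # one-time value -> time at which it stops being valid

    def _mac(self, message: bytes, nonce: str, ts: float) -> str:
        # The tag covers the one-time value and timestamp, so neither can be swapped.
        data = b"|".join([nonce.encode(), repr(ts).encode(), message])
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def issue(self, message: bytes, now: float) -> dict:
        # Sender side: attach a fresh random one-time value and the current time.
        nonce = secrets.token_hex(16)
        return {"message": message, "nonce": nonce, "ts": now,
                "tag": self._mac(message, nonce, now)}

    def verify(self, req: dict, now: float) -> str:
        expected = self._mac(req["message"], req["nonce"], req["ts"])
        if not hmac.compare_digest(expected, req["tag"]):
            return "rejected: bad tag"
        if not 0 <= now - req["ts"] <= self._ttl:
            return "rejected: expired"  # expires after a short period of time
        # Forget one-time values that the freshness check would reject anyway.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if req["nonce"] in self._seen:
            return "rejected: replay"  # expires after it has been used
        self._seen[req["nonce"]] = req["ts"] + self._ttl
        return "accepted"


def demo() -> list:
    v = OneTimeVerifier(key=b"constructed-demo-key")  # constructed sample key
    req = v.issue(b"transfer 100 to account 42", now=1000.0)  # constructed message
    captured = dict(req)  # the copy an eavesdropper would hold
    return [v.verify(req, now=1001.0),       # original delivery
            v.verify(captured, now=1002.0),  # same bytes resent inside the window
            v.verify(captured, now=1100.0)]  # same bytes resent after the window


if __name__ == "__main__":
    print(demo())
```

The replayed copy is byte-for-byte genuine, so the tag check alone would pass it; it is the used-once record and the time window that cause the rejection.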

Digital Signatures

Next, you could use digital signatures. A digital signature isn't your name, but rather a complex process that involves algorithms and ''keys.'' Each computer has its own private key, one that only those machines know, to encrypt information on one end and decrypt it on the other. Think of it like sending a coded message to a friend - the only person who knows how to break the code.
