What is a man-in-the-middle attack on a WLAN?

In a WLAN man-in-the-middle attack, the attacker positions themselves between the user and the access point so that traffic flows through the attacker rather than directly to the real AP. The best description here is when the attacker hijacks mobile devices by spoofing a stronger signal from an AP, effectively presenting a rogue or enhanced AP that looks legitimate. When a device connects to this attacker-controlled AP, the attacker can route the traffic, inspect it, and potentially alter or inject data before it reaches the real network. This interception and possible modification of communications is what defines a MITM in wireless environments.

This differs from a pure passive eavesdropping attack, where the attacker simply listens without altering traffic. It also isn’t simply flooding the AP to cause a denial of service, which disrupts service rather than covertly intercepting conversations. A replay attack involves capturing and re-sending previously transmitted data, which is a different tactic and not the same as placing an intermediary between the endpoints.