DoubleDirect is the name of a new Man-in-the-Middle (MitM) attack discovered by security researchers that is targeting mobile devices running either iOS or Android and potentially Mac OS X systems.
The DoubleDirect MitM attack allows attackers to hijack the victim’s traffic of major websites such as Facebook, Google and Twitter to a device controlled by the attacker.
As explained by security experts at mobile security firm Zimperium, once the attackers has redirected the victim’s traffic, it could be able to steal victims’ sensitive data, including personal data and login credentials, or serve malicious code on the targeted device.
In the blog post recently published by Zimperium the experts revealed that threat actors worldwide are already exploiting the DoubleDirect technique across 31 countries. Bad actors redirected users of several IT companies, including Facebook, Google, Hotmail, Live.com and Twitter.
The DoubleDirect technique exploits the ICMP (Internet Control Message Protocol) redirect packets in order to change the routing tables of a host used by routers to provide information on the best path to the destination.
“With the detection of DoubleDirect in the wild we understood that the attackers are using previously unknown implementation to achieve full-duplex MITMs using ICMP Redirect” states the post.
“An attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP,” Zimperium warned. “As a result, the attacker can launch a MitM attack, redirecting the victim’s traffic to his device.“
“Once redirected, the attacker can compromise the mobile device by chaining the attack with an additional Client Side vulnerability (e.g.: browser vulnerability), and in turn, provide an attack with access to the corporate network.“
“We have investigated the attacks and also created a POC tool to prove that it is possible to perform full-duplex ICMP Redirect attacks. ICMP Redirect attacks are not easy to emulate because the attacker must know beforehand which IP address the victim has accessed”
“Zimperium is releasing this information at this time to increase awareness as some operating system vendors have yet to implement protection at this point from ICMP Redirect attacks as there are attacks in-the-wild,” the post reads.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.