“DoubleDirect” MitM Attack Causes Risk to iOS, Android and OS X Users


A security firm has discovered a particular type of Man-in-the-Middle (MitM) attack targeting Android and iOS smartphones and OS X users around the world.

San Francisco-based Zimperium revealed in a blog post on Thursday that, like other MitM attacks, DoubleDirect can allow a criminal to intercept sensitive data, such as login credentials, email IDs, personal data and banking information, or to deliver malware to vulnerable target devices, by redirecting a victim’s traffic through attacker-operated devices.

The twist is that DoubleDirect uses ICMP Redirect packets to change the routing path of the victim host, causing traffic to and from a particular IP address to flow through an arbitrary network path of the attacker’s choosing, according to the blog.

“Once redirected, the attacker can compromise the mobile device by chaining the attack with an additional Client Side vulnerability (e.g.: browser vulnerability), and in turn, provide attack access to the corporate network,” Zimperium added.

The attack works against the latest version of iOS, including 8.1.1; the Android devices the firm tested, including Lollipop and the Nexus 5; and OS X Yosemite, the blog said. In the blog post, the firm showed users how to manually disable acceptance of ICMP Redirects on their Macs to mitigate the issue.
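The mechanism described above, a host accepting an ICMP Redirect (type 5) and re-routing traffic for a destination through the gateway it names, is something a defender can watch for on the wire. The following is an added example, not code from the article or from Zimperium’s PoC: it parses raw IPv4 packets, pulls out the redirect’s claimed gateway and the affected destination, and flags redirects whose sender or new gateway is not a known router. The packet bytes, addresses and the trusted-router list are constructed for illustration.

```python
import ipaddress

ICMP_PROTO = 1
ICMP_REDIRECT = 5
REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS+network", 3: "TOS+host"}

# Constructed sample packets (IPv4 + ICMP, checksums left as zero) standing in for a capture.
# Rogue redirect: 192.168.1.50 tells victim 192.168.1.10 to reach 203.0.113.5 via 192.168.1.50.
ROGUE_REDIRECT = bytes.fromhex(
    "45000038000100004001 0000 c0a80132 c0a8010a"   # outer IPv4 header (proto 1 = ICMP)
    "0501 0000 c0a80132"                            # ICMP type 5, code 1 (host), new gateway
    "4500003c000200004006 0000 c0a8010a cb007105"   # original IPv4 header of the victim's packet
    "04d201bb00000000")                             # first 8 bytes of its TCP segment
# Legitimate redirect: router 192.168.1.1 points the victim at a second known router.
LEGIT_REDIRECT = bytes.fromhex(
    "45000038000400004001 0000 c0a80101 c0a8010a"
    "0501 0000 c0a801fe"
    "4500003c000500004006 0000 c0a8010a 0a000507"
    "04d2005000000000")
# An ICMP echo request, which the parser must ignore.
ECHO = bytes.fromhex("4500001c000300004001 0000 c0a8010a c0a80101" "0800 0000 0001 0001")
TRUSTED_ROUTERS = {"192.168.1.1", "192.168.1.254"}  # assumed: the network's real gateways


def parse_icmp_redirect(packet: bytes):
    """Return the fields of an ICMP Redirect carried in a raw IPv4 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != ICMP_PROTO:
        return None
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    # Need the 8-byte ICMP header plus the 20-byte copy of the original IP header.
    if len(icmp) < 28 or icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]  # the victim's original datagram, as echoed back by the redirect
    return {
        "sender": str(ipaddress.IPv4Address(packet[12:16])),
        "code": REDIRECT_CODES.get(icmp[1], "unknown"),
        "new_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
        "for_destination": str(ipaddress.IPv4Address(inner[16:20])),
    }


def is_suspicious(redirect, trusted_routers):
    """A redirect from anything but a known router, or naming a non-router gateway, is suspect."""
    return redirect["sender"] not in trusted_routers or redirect["new_gateway"] not in trusted_routers


def scan(packets, trusted_routers):
    """Return one alert line per suspicious redirect found in an iterable of raw packets."""
    alerts = []
    for pkt in packets:
        r = parse_icmp_redirect(pkt)
        if r and is_suspicious(r, trusted_routers):
            alerts.append(f"rogue ICMP redirect from {r['sender']}: "
                          f"route {r['for_destination']} via {r['new_gateway']} ({r['code']})")
    return alerts
```

The Mac mitigation the article refers to corresponds to the `net.inet.icmp.drop_redirect=1` sysctl; the Linux equivalent is `net.ipv4.conf.all.accept_redirects=0`.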

Patrick Murray, vice president of products at Zimperium, told SC csinfotech.org in an interview last Friday that similar protections cannot easily be applied to iOS and Android devices, because users would need elevated permissions to disable acceptance of ICMP Redirect packets.

According to Murray, “The other way to handle this is for entire website properties to handle full HTTPS; by doing this, it would be hard for you to do anything with the attack.”

In the blog, Zimperium identified 31 countries, including the USA, the UK and Canada, where the attacks are taking place. During the campaign, traffic to Google, Hotmail, Live.com, Facebook, Twitter and Naver (a Korean website) was observed being redirected using the DoubleDirect technique.

Zimperium noted in its blog that the new technique is a “full derivative of a known ICMP Redirect attack” that was disclosed many years ago. The company has made a comprehensive proof-of-concept (PoC) for the DoubleDirect attack available for download on the web.

The blog post said, “Zimperium is releasing this information at this time to increase awareness as some operating system vendors have yet to implement protection at this point from ICMP Redirect Attacks as there are attacks in the wild.”

Chris Messer, vice president of technology at Coretelligent, an IT and cloud services firm, said in prepared email commentary that “DoubleDirect has the potential to be an extremely serious attack technique, especially as an increasing number of people conduct sensitive transactions from their smartphones and tablets.”

Attackers are eager to harvest credit card details and personally identifiable information (PII) of the kind handled by banking, shopping, transportation and other well-known applications and stores. Messer advised firms to use a strong mobile device management (MDM) program to monitor for threats like this.
