Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

DoubleDirect MitM Attacks are targeting users worldwide

Security experts at Zimperium discovered a new MITM attack technique dubbed DoubleDirect that is targeting iOS, Android and Mac users worldwide. DoubleDirect is the name of a new Man-in-the-Middle (MitM) attack discovered by security researchers that is targeting mobile devices running either iOS or Android and potentially Mac OS X systems. The DoubleDirect MitM attack allows attackers to hijack the victim’s traffic […]

DoubleDirect MitM Attacks are targeting users worldwide

Security experts at Zimperium discovered a new MITM attack technique dubbed DoubleDirect that is targeting iOS, Android and Mac users worldwide.

DoubleDirect is the name of a new Man-in-the-Middle (MitM) attack discovered by security researchers that is targeting mobile devices running either iOS or Android and potentially Mac OS X systems.

The DoubleDirect MitM attack allows attackers to hijack the victim’s traffic of major websites such as Facebook, Google and Twitter to a device controlled by the attacker.

As explained by security experts at mobile security firm Zimperium, once the attackers has redirected the victim’s traffic, it could be able to steal victims’ sensitive data, including personal data and login credentials, or serve malicious code on the targeted device.

In the blog post recently published by Zimperium the experts revealed that threat actors worldwide are already exploiting the DoubleDirect technique across 31 countries. Bad actors redirected users of several IT companies, including Facebook, Google, Hotmail, Live.com and Twitter.

doubledirect MITM attack

The DoubleDirect technique exploits the ICMP (Internet Control Message Protocol) redirect packets in order to change the routing tables of a host used by routers to provide information on the best path to the destination.

“With the detection of DoubleDirect in the wild we understood that the attackers are using previously unknown implementation to achieve full-duplex MITMs using ICMP Redirect” states the post.

As explained by experts Windows and Linux users are immune to the DoubleDirect attack because most of GNU/Linux and Windows desktop operating system do not accept ICMP redirect packets that is exploited by attackers to carry the malicious traffic.

An attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP,” Zimperium warned. “As a result, the attacker can launch a MitM attack, redirecting the victim’s traffic to his device.

Once redirected, the attacker can compromise the mobile device by chaining the attack with an additional Client Side vulnerability (e.g.: browser vulnerability), and in turn, provide an attack with access to the corporate network.

Zimperium has provided a Proof-of-Concept (PoC) for the DoubleDirect Attack, the code allows full-duplex ICMP redirect attack by predicting the IP addresses the victim tries to connect to. The IP addresses are predicted by sniffing the DNS traffic of the target, once discovered that attackers send an ICMP redirect packet to all IP addresses.
“We have investigated the attacks and also created a POC tool to prove that it is possible to perform full-duplex ICMP Redirect attacks. ICMP Redirect attacks are not easy to emulate because the attacker must know beforehand which IP address the victim has accessed” 
The experts at Zimperium also explained how to manually disable ICMP Redirect on their Macs to remediate the issue.

Zimperium is releasing this information at this time to increase awareness as some operating system vendors have yet to implement protection at this point from ICMP Redirect attacks as there are attacks in-the-wild,” the post reads.

Pierluigi Paganini

(Security Affairs –  DoubleDirect attack,MITM)