Android and iOS users vulnerable to new attack
Posted by: Timothy Weaver on 11/21/2014 10:16 AM
[
Comments
]
Security researchers warn that hackers are running “Man-in-the-Middle” attacks (MitM) against smartphones.
Mobile security firm Zimperium has detected the attack against the customers of web giants including Google, Facebook, Live.com and Twitter, across 31 countries.
The DoubleDIrect attack focuses on either iOS or Android users. It does not affect users running Windows or Linux because their operating systems don't accept ICMP redirection packets that carry malicious traffic.
Zimperium explains the attack as follows:
DoubleDirect uses ICMP Redirect packets to modify routing tables of a host. This is legitimately used by routers to notify the hosts on the network that a better route is available for a particular destination. However, an attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP.
As a result, the attacker can launch a MitM attack, redirecting the victim’s traffic to his device. Once redirected, the attacker can compromise the mobile device by chaining the attack with additional Client Side vulnerability (e.g: browser vulnerability), and in turn, provide an attacker with access to the corporate network.
Mobile security firm Zimperium has detected the attack against the customers of web giants including Google, Facebook, Live.com and Twitter, across 31 countries.
The DoubleDIrect attack focuses on either iOS or Android users. It does not affect users running Windows or Linux because their operating systems don't accept ICMP redirection packets that carry malicious traffic.
Zimperium explains the attack as follows:
DoubleDirect uses ICMP Redirect packets to modify routing tables of a host. This is legitimately used by routers to notify the hosts on the network that a better route is available for a particular destination. However, an attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP.
As a result, the attacker can launch a MitM attack, redirecting the victim’s traffic to his device. Once redirected, the attacker can compromise the mobile device by chaining the attack with additional Client Side vulnerability (e.g: browser vulnerability), and in turn, provide an attacker with access to the corporate network.
Comments
