Unplanned Detour: New Type of MitM Attack Will Drive Your Traffic Astray

Yet another potentially serious threat smartphone users have to face. This time around, however, it’s not about any one platform in particular. The threat comes in the form of a man-in-the-middle attack and indiscriminately targets both Android and iOS users, it is even possible that OSX users will fall victim to it. Windows and Linux users appear to be safe.

Named DoubleDirect, the attack takes advantage of the Internet Control Message Protocol (ICMP) and uses redirect packets to alter the routing tables on the victim host. Both the attacker and the victim need to be on the same AP/network for this attack to work. “It sends a spoofed ICMP redirect message to the hosts in the LAN pretending to be a better route for internet. All connections to internet will be redirected to the attacker which, in turn, will forward them to the real gateway,” describes the report by Zimperium. The attack is focused on major sites, including:

  • Google
  • Facebook
  • Twitter
  • Live.com
  • Hotmail
  • Naver

The target countries include the United States, the United Kingdom, Canada, and 29 other countries. Some good news is that not all devices accept redirects by default. To find out if your device is affected, you can run the following command:

# cat /proc/sys/net/ipv4/conf/all/accept_redirects

IF you wish to disable “accept_redirects,” you will have to root your device (Android) and run the following command:

# echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

For mac users, add the following to your start-up scripts as a root:

# sysctl -w net.inet.ip.redirect=0