DoubleDirect MitM Attacks are targeting users worldwide

Pierluigi Paganini November 22, 2014

Security experts at Zimperium discovered a new MITM attack technique dubbed DoubleDirect that is targeting iOS, Android and Mac users worldwide.

DoubleDirect is the name of a new Man-in-the-Middle (MitM) attack discovered by security researchers that is targeting mobile devices running either iOS or Android and potentially Mac OS X systems.

The DoubleDirect MitM attack allows attackers to redirect the victim’s traffic to major websites such as Facebook, Google and Twitter to a device controlled by the attacker.

As explained by security experts at mobile security firm Zimperium, once the attackers have redirected the victim’s traffic, they could steal the victim’s sensitive data, including personal data and login credentials, or serve malicious code to the targeted device.

In a blog post recently published by Zimperium, the experts revealed that threat actors worldwide are already exploiting the DoubleDirect technique across 31 countries. Bad actors redirected users of services from several IT companies, including Facebook, Google, Hotmail, Live.com and Twitter.


The DoubleDirect technique exploits ICMP (Internet Control Message Protocol) redirect packets, which routers use to inform a host of the best path to a destination, in order to change the routing tables of that host.

“With the detection of DoubleDirect in the wild we understood that the attackers are using a previously unknown implementation to achieve full-duplex MITMs using ICMP Redirect,” states the post.

As explained by the experts, Windows and Linux users are immune to the DoubleDirect attack because most GNU/Linux and Windows desktop operating systems do not accept the ICMP redirect packets that attackers exploit to reroute the victim’s traffic.

“An attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP,” Zimperium warned. “As a result, the attacker can launch a MitM attack, redirecting the victim’s traffic to his device.”

“Once redirected, the attacker can compromise the mobile device by chaining the attack with an additional Client Side vulnerability (e.g.: browser vulnerability), and in turn, provide an attack with access to the corporate network.”

Zimperium has provided a Proof-of-Concept (PoC) for the DoubleDirect attack; the code performs a full-duplex ICMP redirect attack by predicting the IP addresses the victim tries to connect to. The IP addresses are predicted by sniffing the DNS traffic of the target; once they are discovered, the attackers send an ICMP redirect packet to all IP addresses.

“We have investigated the attacks and also created a POC tool to prove that it is possible to perform full-duplex ICMP Redirect attacks. ICMP Redirect attacks are not easy to emulate because the attacker must know beforehand which IP address the victim has accessed.”

The experts at Zimperium also explained how users can manually disable ICMP Redirect on their Macs to remediate the issue.

“Zimperium is releasing this information at this time to increase awareness as some operating system vendors have yet to implement protection at this point from ICMP Redirect attacks as there are attacks in-the-wild,” the post reads.
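The redirect pattern described above can be looked for in captured traffic. The following Python is an added example, not Zimperium's PoC or code from the original article: it parses IPv4 ICMP Redirect messages (type 5) and flags an advertised gateway that is not a known router or that is named for many different destinations. The addresses, the `known_routers` allow-list and the `max_dests` threshold are assumptions, and the sample packets are constructed.

```python
import socket
import struct
from collections import defaultdict

ICMP_REDIRECT = 5  # RFC 792 message type for Redirect

def parse_redirect(pkt: bytes):
    """Return (sender, new_gateway, redirected_dst) for an IPv4 ICMP Redirect, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:  # must be IPv4 carrying ICMP
        return None
    icmp = pkt[(pkt[0] & 0x0F) * 4:]                      # skip the outer IP header
    if len(icmp) < 8 + 20 or icmp[0] != ICMP_REDIRECT:
        return None
    inner = icmp[8:]  # embedded header of the datagram the redirect refers to
    ip = socket.inet_ntoa
    return ip(pkt[12:16]), ip(icmp[4:8]), ip(inner[16:20])

def suspicious_gateways(packets, known_routers, max_dests=3):
    """Map each advertised gateway to the reasons it looks like a redirect-based MitM."""
    dests = defaultdict(set)
    for pkt in packets:
        parsed = parse_redirect(pkt)
        if parsed:
            _, gateway, dst = parsed
            dests[gateway].add(dst)
    findings = {}
    for gateway, seen in dests.items():
        reasons = []
        if gateway not in known_routers:   # assumption: the site keeps a router allow-list
            reasons.append("gateway is not a known router")
        if len(seen) > max_dests:          # assumption: threshold tuned per network
            reasons.append(f"{len(seen)} destinations redirected")
        if reasons:
            findings[gateway] = reasons
    return findings

def build_sample(sender, host, gateway, dst):
    """Constructed capture record for the parser (checksums left at zero)."""
    a = socket.inet_aton
    hdr = "!BBHHHBBH4s4s"
    inner = struct.pack(hdr, 0x45, 0, 28, 0, 0, 64, 17, 0, a(host), a(dst)) + bytes(8)
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, a(gateway)) + inner
    return struct.pack(hdr, 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0, a(sender), a(host)) + icmp

# Constructed data: one ordinary redirect, then a burst naming one unknown gateway.
SAMPLE = [build_sample("192.0.2.1", "192.0.2.50", "192.0.2.2", "198.51.100.7")]
SAMPLE += [build_sample("192.0.2.1", "192.0.2.50", "192.0.2.66", f"203.0.113.{i}")
           for i in range(1, 6)]
```

The sender address of a redirect can be forged, which is why the check keys on the advertised gateway and the number of redirected destinations rather than on who appears to have sent the message.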

Pierluigi Paganini

(Security Affairs –  DoubleDirect attack,MITM)

