101015275_DoubleDirect_Chandrak Trivedi 1
DOUBLEDIRECT – MAN-IN-THE-MIDDLE ATTACK (MITM) IN MOBILE DEVICES
INTRODUCTION
• A dangerous form of man-in-the-middle (MitM) attack.
• Exploited against Android, iPhone and Mac users around the world. Windows and most GNU/Linux systems are not affected, because they do not accept ICMP Redirects by default.
• It re-routes the victim's traffic for chosen website destinations through the attacker's machine.
• Once traffic flows through the attacker, they can steal valuable personal data such as email IDs, login credentials and banking information.
• Traffic for many popular websites, including Google, Facebook, Twitter, Hotmail, Live.com and Naver.com (Korean), was redirected in this way.
• The attacks were tracked in more than 30 countries around the globe, including the US, Canada, the UK, Germany, Spain, China, India, Australia and Mexico.
TECHNOLOGY USED
• Routers and the IP routing tables of hosts.
• HTTP and ICMP packets: the attack is delivered with ICMP, and the HTTP traffic that is then re-routed through the attacker can be read or altered.
• ICMP Redirect functionality (ICMP type 5). ICMP is a legitimate form of communication between routers and hosts; a Redirect message tells a host that a better next hop exists for a particular destination (Google, Facebook, etc.), and the host updates its route for that destination accordingly.
• Routers on local networks use ICMP Redirects for legitimate purposes: to tell hosts that there is a better route to the Internet than the default gateway, or that a different gateway should be used for a destination.
• An attacker on the same local network can forge these Redirects so that the victim's route for a destination points at the attacker. The technique is often used as an alternative to ARP poisoning.
• Forged ICMP Redirects can be sent with publicly available tools such as Ettercap.
ANALYSIS
(Diagram: User Device, Service Provider Network, Internet. The attacker sends an ICMP Redirect to the User Device, so its traffic leaves over the Attacker Route instead of the normal path: DoubleDirect MitM.)
CONCLUSION
• Some operating system vendors have yet to implement protection against ICMP Redirect attacks.

Countermeasures:
• The best prevention is to stop hosts from accepting route changes from untrusted or unauthenticated sources, but re-engineering every network to enforce this is impractical.
• Network operators should monitor for ICMP Redirects with an intrusion detection system; a Redirect that does not come from the configured default gateway, or a burst of Redirects for many destinations from one sender, is a strong signal of this attack.
• Mac and Android users can disable acceptance of ICMP Redirects manually (on macOS via the sysctl net.inet.icmp.drop_redirect=1; on Android, which runs a Linux kernel, via net.ipv4.conf.all.accept_redirects=0, which requires root).
• Android users can also install zIPS (Zimperium Mobile IPS), which protects against advanced host and network mobile attacks including DoubleDirect. zANTI2 (Zimperium's mobile diagnostics tool) can perform DoubleDirect for testing a network.
• For Apple users, Apple fixed this MitM vulnerability in the latest watchOS.
• Most GNU/Linux and Windows systems do not accept ICMP Redirect packets. On Linux the behaviour is governed by the net.ipv4.conf.all.accept_redirects and secure_redirects sysctls, so verify the setting rather than assume it.
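Worked example, added here and not part of the original slides or of Zimperium's tools: it builds an ICMP Redirect datagram of the kind described under TECHNOLOGY USED (type 5, code 1, quoting the victim's original packet so the host knows which destination the new route applies to) and then runs the IDS-style detection suggested in the countermeasures over a small constructed capture. Nothing is sent on the wire. The LAN (192.168.1.0/24), the TEST-NET-2 addresses standing in for popular websites, the burst threshold and all function names are assumptions for illustration.

```python
"""Added example (not from the slides or from Zimperium): craft an ICMP Redirect
and flag Redirects that break the RFC 1122 host rules. Pure Python, offline."""
import ipaddress
import struct

ICMP_TYPE_REDIRECT = 5       # RFC 792 Redirect message
ICMP_CODE_HOST = 1           # "redirect datagrams for the host" (one destination IP)
IPPROTO_ICMP, IPPROTO_TCP = 1, 6


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, complemented (0 when verifying a valid packet)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with its header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def icmp_redirect(sender: str, victim: str, new_gateway: str, original: bytes) -> bytes:
    """Full IPv4 datagram carrying an ICMP Redirect. The ICMP body quotes the victim's
    original IP header plus 8 payload bytes; that quoted header names the destination
    whose route the victim will now point at new_gateway."""
    body = struct.pack("!BBH4s", ICMP_TYPE_REDIRECT, ICMP_CODE_HOST, 0,
                       ipaddress.IPv4Address(new_gateway).packed) + original[:28]
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return ipv4_header(sender, victim, IPPROTO_ICMP, len(body)) + body


def parse_redirect(datagram: bytes):
    """Return the fields of an ICMP Redirect, or None for anything else or a bad checksum."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4 or datagram[9] != IPPROTO_ICMP:
        return None
    ihl = (datagram[0] & 0x0F) * 4
    icmp = datagram[ihl:]
    if len(icmp) < 28 or icmp[0] != ICMP_TYPE_REDIRECT or inet_checksum(icmp) != 0:
        return None
    quoted_ip_header = icmp[8:28]
    return {
        "sender": str(ipaddress.IPv4Address(datagram[12:16])),
        "victim": str(ipaddress.IPv4Address(datagram[16:20])),
        "code": icmp[1],
        "new_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
        "redirected_dst": str(ipaddress.IPv4Address(quoted_ip_header[16:20])),
    }


def redirect_alerts(capture, default_gateway: str, local_net: str, burst_threshold: int = 2):
    """IDS-style check: flag Redirects that (a) were not sent by the configured first-hop
    gateway, (b) name an off-link gateway, or (c) arrive as a burst of Redirects for
    distinct destinations from one sender, the pattern of re-routing site after site."""
    net = ipaddress.IPv4Network(local_net)
    alerts, per_sender = [], {}
    for datagram in capture:
        info = parse_redirect(datagram)
        if info is None:
            continue
        reasons = []
        if info["sender"] != default_gateway:
            reasons.append("sender is not the configured gateway")
        if ipaddress.IPv4Address(info["new_gateway"]) not in net:
            reasons.append("advertised gateway is off-link")
        dsts = per_sender.setdefault(info["sender"], set())
        dsts.add(info["redirected_dst"])
        if len(dsts) > burst_threshold:
            reasons.append("burst of redirects for %d destinations" % len(dsts))
        if reasons:
            alerts.append({**info, "reasons": reasons})
    return alerts


# Constructed sample network (assumption): victim 192.168.1.20, real gateway 192.168.1.1,
# attacker 192.168.1.66, and TEST-NET-2 addresses standing in for popular websites.
VICTIM, GATEWAY, ATTACKER = "192.168.1.20", "192.168.1.1", "192.168.1.66"
SITES = ["198.51.100.10", "198.51.100.20", "198.51.100.30"]


def victim_packet(dst: str) -> bytes:
    """Stand-in for the victim's outbound TCP datagram to a site (8 payload bytes suffice)."""
    return ipv4_header(VICTIM, dst, IPPROTO_TCP, 8) + b"\x00" * 8


SAMPLE_CAPTURE = (
    # legitimate: the real gateway says "use the other router on this LAN for 10.9.0.5"
    [icmp_redirect(GATEWAY, VICTIM, "192.168.1.254", victim_packet("10.9.0.5"))]
    # attack: the attacker names itself as next hop for each site the victim talks to
    + [icmp_redirect(ATTACKER, VICTIM, ATTACKER, victim_packet(site)) for site in SITES]
    # noise: an ICMP echo request, which the parser ignores
    + [ipv4_header(GATEWAY, VICTIM, IPPROTO_ICMP, 8) + b"\x08\x00\xf7\xff\x00\x00\x00\x00"]
)

if __name__ == "__main__":
    for alert in redirect_alerts(SAMPLE_CAPTURE, GATEWAY, "192.168.1.0/24"):
        print(alert["sender"], "->", alert["redirected_dst"], "via", alert["new_gateway"], alert["reasons"])
```

Run stand-alone, the legitimate Redirect from the gateway produces no alert, while each of the three attacker Redirects is flagged as not coming from the configured gateway, and the third is additionally flagged as a burst. The same parse-then-check logic applies to frames pulled from a live capture, with the gateway and subnet taken from the host's own configuration.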