There's a new man-in-the-middle attack technique called "DoubleDirect," which targets smartphones. What is the best way to prevent or avoid this kind of technique, as well as other "man-in-the-mobile" attacks?
Modern networks operate with a significant amount of trust that devices connecting to them will not behave maliciously. The basic tenet of not trusting commands from untrusted and unauthenticated sources was not widely understood when TCP/IP was designed in the 1970s. Trust in the network has caused many issues and is one of the reasons hackers from the L0pht told Congress in 1998 they could take down the Internet in less than 30 minutes. There was speculation that the vulnerability they were hinting at was in the Border Gateway Protocol (BGP), and current research identifies vulnerabilities in BGP that could do what the hackers warned about.
Zimperium Mobile Security Labs announced a vulnerability called DoubleDirect in ICMP redirect functionality. ICMP redirects are used for legitimate purposes by routers on local networks to let hosts know if there is a better route to the Internet than the default gateway, or if there is a different gateway that should be used.
In the DoubleDirect attack, a hacker hijacks DNS connections with ICMP redirects and then does an ICMP redirect on all of the hosts on the network connected to the DNS server. In the ICMP redirect, the attacker tells victim systems there is a better route to use and intercepts all traffic from the victim system to perform a man-in-the-middle or man-in-the-mobile attack.
While the best way to prevent ICMP redirects is to change networks to not allow changes from untrusted or unauthenticated sources, this is an impractical fix. Rather, enterprises should monitor networks for ICMP redirects with an intrusion detection system and investigate any ICMP redirect packets with sources other than approved routers. Alternately, the network could block any sources of ICMP redirect packets other than from approved routers.
Endpoints should have ICMP redirect processing disabled to prevent this attack (Windows and Linux accept redirects by default, so this is a setting that must be changed). Otherwise, a host-based intrusion prevention system that blocks ICMP redirects can be used.
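As an added example (not part of this answer or of Zimperium's research), the check below is the kind of logic an IDS rule or capture script would apply to implement the monitoring recommended above: it parses raw IPv4 packets, picks out ICMP Redirect messages (type 5), and alerts on any whose source is not an approved router. The approved router address, the builder function and the sample packets are constructed for the example.

```python
import ipaddress
import struct

# Assumed: the only router allowed to send redirects on this segment.
APPROVED_ROUTERS = {"192.168.1.1"}

def build_icmp_redirect(src, dst, gateway, orig_src, orig_dst):
    """Construct a raw IPv4 packet carrying an ICMP Redirect (type 5, code 1).
    Test input only: checksums are left at zero and nothing is sent."""
    # Redirects embed the IP header of the datagram being redirected plus 8 bytes.
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        ipaddress.ip_address(orig_src).packed,
                        ipaddress.ip_address(orig_dst).packed) + b"\x00" * 8
    icmp = struct.pack("!BBH4s", 5, 1, 0, ipaddress.ip_address(gateway).packed) + inner
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + icmp

def parse_redirect(pkt):
    """Return (src, new_gateway, redirected_dst) if pkt is an ICMP Redirect, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    if pkt[9] != 1 or len(pkt) < ihl + 8 + 20:
        return None                      # not ICMP, or too short to hold the inner header
    src = str(ipaddress.ip_address(pkt[12:16]))
    icmp = pkt[ihl:]
    if icmp[0] != 5:                     # ICMP type 5 = Redirect
        return None
    gateway = str(ipaddress.ip_address(icmp[4:8]))          # router the host is told to use
    redirected_dst = str(ipaddress.ip_address(icmp[8 + 16:8 + 20]))  # inner header dst
    return src, gateway, redirected_dst

def check_redirects(packets, approved=APPROVED_ROUTERS):
    """Return one alert string per ICMP Redirect not sent by an approved router."""
    alerts = []
    for pkt in packets:
        parsed = parse_redirect(pkt)
        if parsed is None:
            continue
        src, gateway, redirected_dst = parsed
        if src not in approved:
            alerts.append(f"rogue ICMP redirect from {src}: "
                          f"traffic to {redirected_dst} steered via {gateway}")
    return alerts
```

Feeding a capture of ICMP traffic through `check_redirects` surfaces exactly the packets the answer says to investigate: redirects for a destination such as the DNS server that name a gateway other than the approved router.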
Related Q&A from Nick Lewis