More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (15)
Similar to DoubleDirect - MitM
Similar to DoubleDirect - MitM (20)
More from Chandrak Trivedi
More from Chandrak Trivedi (8)
Recently uploaded
Recently uploaded (20)
DoubleDirect - MitM
- 1. DOUBLEDIRECT – MAN-IN-THE-MIDDLE ATTACK (MITM) IN MOBILE DEVICES 101015275_DoubleDirect_Chandrak Trivedi 1
- 2. INTRODUCTION 101015275_DoubleDirect_Chandrak Trivedi 2 • Dangerous type of MitM attack technique. • Explioted against Android, iPhone and Mac users around the world. Windows and Linux are not affected. • It was used to redirect victim’s traffic from websites domains. • Once done, attackers can steal victims’ valuable personal data, such as email IDs, login credentials and banking information. • The traffic from various popular websites, including Google, Facebook, Twitter, Hotmail, Live.com, Naver.com (Korean) and others had redirected. • The attacks have been tracked to more than 30 countries around the globe, including the US, Canada, the UK, Germany, Spain, China, India, Australia, and Mexico, among many others.
- 3. TECHNOLOGY USED 101015275_DoubleDirect_Chandrak Trivedi 3 • Routers – IP routes. • HTTP and ICMP packets - ICMP Redirect Functionality. ICMP packets are a legitimate form of communication between routers and hosts that lets the network host know that a better route to a certain destination (Google, Facebook, etc.) is available. • ICMP Redirect - ICMP redirects are used for legitimate purposes by routers on local networks to let hosts know if there is a better route to the Internet than the default gateway, or if there is a different gateway that should be used. • Often used as an alternative to an ARP poisoning attack technique. • ICMP Redirect with publicly available tools like Ettercap.
- 4. ANALYSIS 101015275_DoubleDirect_Chandrak Trivedi 4 Service Provider Network User Device Attacker Route
- 5. CONCLUSION 101015275_DoubleDirect_Chandrak Trivedi 5 • Some operating system vendors have yet to implement protection at this point for ICMP Redirect attacks. Countermeasures: • While the best way to prevent ICMP redirects is to change networks to not allow changes from untrusted or unauthenticated sources, this is an impractical fix. • Vendors should monitor networks for ICMP redirects with an intrusion detection system. • All Mac and Android Users can disable ICMP redirect manually. • For Android users, Download zIPS – Zimperium Mobile IPS – protection against advanced host and network mobile attacks, including DoubleDirect. zANTI2 – Mobile Diagnostics to perform DoubleDirect • For Apple Users, Apple Fixed a Nasty MitM Vulnerability in the Latest watchOS • Most of GNU/Linux and Windows operating system do not accept ICMP redirect packets.
- 6. 101015275_DoubleDirect_Chandrak Trivedi 6 Mobile Device are the Second best source for Attackers, so be aware and keep Mobile device as secure as your Personal computer.
Editor's Notes
- Point 2 contd - The most Android devices tested appeared to be at risk, including Nexus 5 and Lollipop, as well as iOS users. The attack was successful on Apple’s latest version (8.1.1), with the possibility of also impacting Mac OS X Yosemite users. Point 4 contd - as well as can deliver malware to the targeted mobile device. Infection device can also impact cooperate devices or network. Point 5 - during the attacks on victim’s devices in an effort to collect valuable personal data.
- - function ICMP redirect. Used for different purpose but attacker’s used it efficiently so it turn out to be vulnerability in ICMP redirect. - Ettercap is a comprehensive suite for man in the middle attacks.
- - In the DoubleDirect attack, a hacker hijacks DNS connections with IMCP redirects and then does an ICMP redirect on all of the hosts on the network connected to the DNS server. In the ICMP redirect, the attacker tells victim systems there is a better route to use and intercepts all traffic from the victim system to perform a man-in-the-middle or man-in-the-mobile attack.
- Contd… investigate any ICMP redirect packets with sources other than approved routers. Alternately, the network could block any sources of ICMP redirect packets other than from approved routers. Endpoints should have ICMP redirect functionality enabled by default (like Windows and Linux do) to prevent this attack. Otherwise, a host-based intrusion prevention system that blocks ICMP redirects can be used.