For at least six months, a security firm has seen a specific type of man-in-the-middle (MitM) attack, dubbed “DoubleDirect,” being leveraged, which puts iOS, Android and OS X users at risk. San Francisco-based Zimperium detailed the threat in a Thursday blog post, revealing that, like other MitM attacks, DoubleDirect could allow a saboteur to intercept sensitive data, like credentials, or deliver malware to vulnerable devices, by way of redirecting victim’s traffic to attacker-operated devices. But in a twist, DoubleDirect makes use of ICMP redirect packets “to alter the routing tables on the victim host, causing traffic to flow via an arbitrary network path for a particular IP,” the blog post explained…
Read the entire article on SCMagazine.com