DoubleDirect MitM attack targets Android

[LoudRam]

Security researchers have discovered a new type of "Man-in-the-Middle" (MitM) attack in the wild targeting smartphone and tablets users on devices running either iOS or Android around the world.
The MitM attack, dubbed DoubleDirect, enables an attacker to redirect a victim’s traffic of major websites such as Google, Facebook and Twitter to a device controlled by the attacker. Once done, cyber crooks can steal victims’ valuable personal data, such as email IDs, login credentials and banking information as well as can deliver malware to the targeted mobile device.
San Francisco-based mobile security firmZimperium detailed the threat in a Thursday blog post, revealing that the DoubleDirect technique is being used by attackers in the wild in attacks against the users of web giants including Google, Facebook, Hotmail, Live.com and Twitter, across 31 countries, including the U.S., the U.K. and Canada.

More at link...

DoubleDirect MitM Attack Targets Android iOS and OS X Users

 

[Ollie]

Not a word in the article of what to look for to avoid this on mobile devices.

 

[thunderbolt_nick]

Security researchers

This is what I hate about articles like this. There's usually only conjecture involved and they are a security firm...thanks for telling the hackers exactly what to do.

 

[LoudRam]

Not a word in the article of what to look for to avoid this on mobile devices.

I found this in the original blog post. There is a link for it in the story I linked. If your rooted you can stop this. I'm not rooted so I can't.

...On the mobile side, most Android devices (galaxy series) with the accept_redirect field enabled by default

To disable you need to root your device and execute:
# echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

 

[Ollie]

I noticed that too. But I figured I'd put the warning out there anyway.

Makes you wonder if it isn't a scare tactic.