Malicious advertising targeting IoT devices connected to smart home networks


A worldwide malicious ad attack specifically targeting home network-based IoT devices has been discovered by global cybersecurity company GeoEdge.

Working with the company’s AdTech partners, InMobi and Verve Group, GeoEdge security researchers have identified both the attack vector as well as its origins with malicious actors in Slovenia and Ukraine.

GeoEdge’s security research team has been studying the malicious attack against smart home IoT devices since mid-June 2021. The widely distributed attack vector is the first to use online advertising to silently install apps on devices. IoT devices connected to home Wi-Fi, and only requires that. hackers have a basic understanding of device API documentation, knowledge of JavaScript, and basic online advertising skills.

Market research firm IoT Analytics predicts more than 30 billion IoT device connections globally by 2025, making home and industrial IoT an extremely attractive and vulnerable frontier for malverters.

“GeoEdge’s patented behavioral code analysis technology and advanced malware detection capabilities detected these online advertisements by secretly injecting malware into smart home IoT devices,” said GeoEdge CEO , Amnon Siev.

“With the collaboration between InMobi and Verve, we have exposed the origin, infrastructure and global scale of these attacks,” he said.

“This shared mission is built on trust and a deep understanding of the threat landscape, which has enabled us to create a new standard for user protection.”

Malicious advertising, or malicious advertising, spreads malware by injecting malicious code into online advertisements through online ad networks, exposing user networks and connected devices to a potential risk of infection. Ad networks are generally unaware that they are serving malicious content and in cases uncovered by GeoEdge, users targeted by the attack are not even required to click on the infected ad or navigate to a malicious page to launch. attack on devices in the home network.

“Digital advertising continues to capture a larger share of the marketing budgets of businesses large and small, and with this growth comes potential risks,” says Kunal Nagpal, SVP and GM, Publisher Platform and Exchange at InMobi.

“It’s essential that we have the checks and balances to identify and contain potential malicious threats before they can infect users’ devices,” he says.

“Our collaboration with GeoEdge improves user protection in the advertising ecosystem through advanced real-time detection, ensures secure ad serving to our global partners, and helps us maintain quality and user confidence.

The impacts of the large-scale IoT attack revealed in GeoEdge’s research include the ability to manipulate IoT devices, download applications without user consent, and the risks of theft of personal information and monetary instruments as well. than tampering with home systems such as smart locks and surveillance cameras.

To block such attacks, GeoEdge notes that antivirus apps and even firewalls are not enough, forcing the infected ads to be permanently blocked in real time to prevent them from being rendered and presented to users.

“As we work to maintain a clean and transparent ecosystem, the ad security landscape is constantly evolving, introducing new cybersecurity risks that require innovative solutions,” adds Pieter de Zwart, vice president of engineering at Verve Group. , partner of GeoEdge.

We are committed to ensuring a safe advertising experience and partnering with key industry players enables us to fulfill this mission. ”

Leave A Reply

Your email address will not be published.