Malvertising targeting IoT devices connected to smart home networks
A global-scale malvertising attack aimed specifically at home-network based IoT devices has been uncovered by global cybersecurity firm GeoEdge.
Working in cooperation with the company's AdTech partners InMobi and Verve Group, GeoEdge's security researchers identified both the attack vector as well its origins from bad actors in Slovenia and Ukraine.
GeoEdge's security research team has been investigating the malvertising attack on smart home IoT devices since mid-June 2021. The widely distributed attack vector is the first to use online advertising to silently install apps on home-WiFi-connected IoT devices, and only requires that hackers possess a basic understanding of device API documentation, some JavaScript knowledge and rudimentary online advertising skills.
Market research firm IoT Analytics forecasts more than 30 billion IoT device connections worldwide by 2025, making home and industrial IoT an extremely attractive and vulnerable frontier for malvertisers.
"GeoEdge's patented behavioural code analysis technology and advanced malware detection capabilities detected these online ads covertly injecting malware into smart-home IoT devices," says GeoEdge chief executive Amnon Siev.
"With the collaboration between InMobi and Verve, we exposed the origin, infrastructure and global scale of these attacks," he says.
"This joint mission is built on trust and a deep understanding of the threat landscape which has enabled us to create a new standard for user protection."
Malvertising, or malicious advertising, spreads malware through the injection of malicious code into online display ads via online advertising networks, exposing user networks and connected devices to the potential risk of infection. Advertising networks are generally unaware they are serving malicious content and in the cases discovered by GeoEdge, users targeted with the attack aren't even required to click on the infected ad or navigate to a malicious page to initiate the attack on home network devices.
"Digital advertising continues to capture a larger share of marketing budgets for companies large and small and as with that growth comes potential risks," says Kunal Nagpal, SVP and GM, Publisher Platform and Exchange atInMobi.
"It is critical that we have the checks and balances to identify and contain potential malicious threats before they can infect users' devices," he says.
"Our collaboration with GeoEdge enhances user protection across the advertising ecosystem through advanced real-time detection, ensures the delivery of safe ads to our global partners and helps us maintain quality and user trust."
The impacts of the broad IoT attack revealed in GeoEdge's research include the ability to manipulate IoT devices, download apps without users consent, and risks theft of personal information and monetary instruments as well as tampering with home systems such as smart locks and surveillance cameras.
To block such attacks, GeoEdge notes that antivirus apps and even firewalls are not sufficient, making it necessary to continuously block infected ads in real-time to prevent them from being rendered and presented to users.
"As we work to maintain a clean and transparent ecosystem, the ad security landscape constantly evolves, introducing new cybersecurity risks which require innovative solutions," adds Pieter de Zwart, VP of Engineering at GeoEdge partner Verve Group.
We are committed to ensuring a safe advertising experience and partnering with key industry players enables us fulfill that mission."