An investigative report reveals that new spyware can slip in unseen through online ads—and there is currently no defense against it. So not only that online ads are intrusive and can infect devices through malware, they can also be used for spying.

  • Björn Tantau@swg-empire.de
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    2
    ·
    edit-2
    1 year ago

    This is using some vulnerability in iOS. I’m an Android and Linux guy, but let’s hope Apple quickly finds the bug and fixes it. And fuck that agency for not alerting Apple and instead profiting from it. And fuck the Israeli government for enabling them.

    Edit: I misread, supposedly this is miraculously able to target every device.

    • Semi-Hemi-Demigod@kbin.social
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      Even better: Thanks to ad tracking you can show specific malware to a specific cohort of people. Want to get spyware on every computer in DC? Just sign up for our ad program!

      • fubo@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        This sort of creepitude isn’t even specific to online ads.

        You know postal junk mail? The “direct marketing” companies that enable it will cheerfully sell you a list of the home addresses of people meeting any demographic characteristics you want.

        Do you have reason to want a list of 18-25-year-old gay men in the Boston area, widowed Asians in San Francisco, or military veterans in Oklahoma City? With their names, ages, and their home addresses?

        They can sell you one, perfectly legally, and it’s not even that expensive.

    • madsen@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      From the article:

      What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange. Once the ad is served to a web page that the target views, the spyware is secretly installed on the target’s phone or computer.

      If they’re using ads on a web page to install spyware, then they’re most definitely exploiting vulnerabilities—unless they’re showing the user a ‘do you want to install XYZ?’, in which case this isn’t newsworthy at all. Ads aren’t some magical thing that can just go around installing shit silently, so I don’t know wtf the article is going on about, but it doesn’t make sense.

      Edit: The Register seems to have a more sensible take on it: https://www.theregister.com/2023/09/16/insanet_spyware/

    • gregorum@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      1 year ago

      Apple released an update day before yesterday, and another today.