this post was submitted on 27 Sep 2023
227 points (96.3% liked)

Technology

70395 readers
3935 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
227
Online Ads Can Infect Your Device with Spyware (www.scientificamerican.com)
submitted 2 years ago by Bebo@literature.cafe to c/technology@lemmy.world
49 comments fedilink hide all child comments
 

An investigative report reveals that new spyware can slip in unseen through online ads—and there is currently no defense against it. So not only that online ads are intrusive and can infect devices through malware, they can also be used for spying.

you are viewing a single comment's thread
view the rest of the comments
[–] bjoern_tantau@swg-empire.de 3 points 2 years ago* (last edited 2 years ago) (2 children)

~~This is using some vulnerability in iOS. I'm an Android and Linux guy, but let's hope Apple quickly finds the bug and fixes it.~~ And fuck that agency for not alerting Apple and instead profiting from it. And fuck the Israeli government for enabling them.

Edit: I misread, supposedly this is miraculously able to target every device.

[–] madsen@lemmy.world 6 points 2 years ago* (last edited 2 years ago)

From the article:

What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange. Once the ad is served to a web page that the target views, the spyware is secretly installed on the target’s phone or computer.

If they're using ads on a web page to install spyware, then they're most definitely exploiting vulnerabilities—unless they're showing the user a 'do you want to install XYZ?', in which case this isn't newsworthy at all. Ads aren't some magical thing that can just go around installing shit silently, so I don't know wtf the article is going on about, but it doesn't make sense.

Edit: The Register seems to have a more sensible take on it: https://www.theregister.com/2023/09/16/insanet_spyware/

[–] Semi-Hemi-Demigod@kbin.social 5 points 2 years ago

Even better: Thanks to ad tracking you can show specific malware to a specific cohort of people. Want to get spyware on every computer in DC? Just sign up for our ad program!