GeoEdge detects malvertising attack on smart home IoT devices, says antivirus apps and firewall not enough

A global-scale malvertising attack, the first ad-based cybercrime that targets home-network based IoT devices, has been uncovered by global cybersecurity company GeoEdge.

GeoEdge’s security researchers identified both the attack vector as well its origins in Slovenia and Ukraine in cooperation with the company’s AdTech partners InMobi and Verve Group.

GeoEdge says its security research team has been investigating the malvertising attack on smart home IoT devices since mid-June 2021.

The widely distributed attack vector is the first to use online advertising to silently install itself on apps on home-WiFi-connected IoT devices, and only requires that hackers possess a basic understanding of device API documentation, some JavaScript knowledge, and online advertising skills.

Market research firm IoT Analytics forecasts more than 30 billion IoT device connections worldwide by 2025. The sheer number of devices makes them attractive to malvertisers, and hackers can exploit them.

“GeoEdge’s patented behavioural code analysis technology and advanced malware detection capabilities detected these online ads covertly injecting malware into smart-home IoT devices,” explains GeoEdge CEO Amnon Siev. “We were able to expose the origin, infrastructure, and global scale of these attacks. This joint mission is built on trust and a deep understanding of the threat landscape which has enabled us to create a new standard for user protection.”

“Malvertising,” or malicious advertising, spreads malware through the injection of malicious code into online display ads via online advertising networks, which can potentially risk infection.

Advertising networks are generally unaware they are serving malicious content.

According to GeoEdge, users targeted with the attack aren't even required to click on the infected ad or navigate to a malicious page to initiate the attack on home network devices.

“It is critical that we have the checks and balances to identify and contain potential malicious threats before they can infect users’ devices,” explains InMobi senior vice president and general manager, publisher platform and exchange Kunal Nagpal.

Nagpal says InMobi’s collaboration with GeoEdge enhances user protection across advertising networks through real-time protection, and ensures delivery of safe ads to partners.

According to GeoEdge’s research, the IoT attack has the ability to manipulate IoT devices, download apps without users’ content, and risks theft of personal information and monetary instruments, as well as tampering with home systems such as smart locks and surveillance cameras.

GeoEdge notes antivirus apps and even firewalls are not sufficient, making it necessary to continuously block infected ads in real-time to prevent them from being rendered and presented to users.

Verve Group vice president of engineering Pieter de Zwart says that as the ad security landscape evolves, new cybersecurity risks require solutions.

He concludes that GeoEdge is committed to ensuring a safe advertising experience. “Partnering with key industry players enables us to fulfil that mission.”