• Em Adespoton · 37 · 1 year ago

    I had an odd moment just now of “wait… you mean that isn’t already obvious to everyone?”

    Then I realized it probably wasn’t.

    • NaibofTabr · 19 · 1 year ago

      What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange. Once the ad is served to a web page that the target views, the spyware is secretly installed on the target’s phone or computer.

      This is the part that makes this newsworthy. Insanet uses the advertising infrastructure to target a specific group or even person, and when the ad is displayed it does not require user interaction to install itself. They’ve developed a zero-click exploit, which is very concerning.

      I’m not clear on whether an adblocker will actually protect you from this - some adblockers only prevent the display of the ad in your browser, but the content of the ad is still downloaded with the rest of the webpage information. You might actually need something like Pi-hole to block ad server addresses so that the content never gets downloaded at all, but that would make any browsing outside your home network dangerous.

      • flatbield · 12 · 1 year ago

        This is the crazy thing about ads. The ad network and site operators should be responsible for making sure both the ads and the people putting up the ads are trustworthy. The reason I now block all ads is this reason. Neither party cares and they are willing to act as a conduit for this stuff. In most other industries orgs are responsible for their supply chains.

        • NaibofTabr · 1 · 1 year ago

          Ah, but see that would require actual human attention and judgment for the vetting process, which would cost money. Automating the ad selling process is so much better… for the shareholders.

          Hmm, sarcasm aside, now I’m thinking about it and wondering if you could at least automatically scan the ad content and distinguish between, say, a JPG or WebP image and a potentially malicious executable. If you could prevent ads from running any code, and only allow them to display static images, that might be good enough.

          • flatbield · 2 · 1 year ago

            There are plenty of ways. They probably just do not want to do it. Easiest might be only certain allowed formats and all the content must be on the ad network’s servers. They could allow more options for vetted business partners.

            • NaibofTabr · 1 · 1 year ago

              Easiest might be only certain allowed formats

              The problem with this is that I can label a file any format I want, because ultimately the file is just a string of binary. A lot of file formats use embedded headers to make them identifiable regardless of label or metadata, but it’s completely possible to fake those. I could even give you an image file that is malware, which would be difficult to identify until it actually did something malicious.

              I think to be sure, you’d have to basically detonate every ad file in a sandbox environment to see if it tried to do anything unexpected, which would be… less than simple. You’d have to check it across every major browser and OS, because it might only operate on specific systems.
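The point above, that a format label or a magic-byte header is trivial to fake, is why an exchange that only accepts static images would have to validate the whole container and not just the first bytes. As an added illustration (not code from anyone in this thread), this Python validator sniffs the signature, walks the PNG chunk list or the JPEG marker segments to the real end of the image, and rejects a creative whose declared type, structure or trailing bytes don’t match; validate_creative, payload_end, make_png and the sample bytes are names and inputs chosen here.

```python
import struct, zlib
SIGNATURES = {b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg"}

def sniff(data: bytes):
    """MIME type implied by the leading bytes (the 'header' anyone can fake)."""
    return next((m for sig, m in SIGNATURES.items() if data.startswith(sig)), None)

def payload_end(mime: str, data: bytes):
    """Offset just past the image container, or None if it is malformed. Walking the
    whole structure catches a file that only starts like an image, or has extra bytes."""
    if mime == "image/png":                      # signature, then length/type/data/CRC chunks
        pos = 8
        while pos + 8 <= len(data):
            length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
            pos += 12 + length
            if ctype == b"IEND":
                return pos if pos <= len(data) else None
    elif mime == "image/jpeg":                   # SOI, sized marker segments, scan data, EOI
        pos = 2
        while pos + 4 <= len(data) and data[pos] == 0xFF:
            marker, seglen = data[pos + 1], struct.unpack(">H", data[pos + 2:pos + 4])[0]
            if marker == 0xDA:                   # SOS: the scan follows, ending at EOI
                eoi = data.find(b"\xff\xd9", pos + 2 + seglen)
                return None if eoi == -1 else eoi + 2
            pos += 2 + seglen
    return None

def validate_creative(declared_mime: str, data: bytes) -> dict:
    """Accept a creative only if it is exactly the image it claims to be."""
    sniffed = sniff(data)
    problems = []
    if sniffed is None:
        problems.append("not a recognised image format")
    elif sniffed != declared_mime:
        problems.append(f"declared {declared_mime} but bytes look like {sniffed}")
    end = payload_end(sniffed, data) if sniffed else None
    if sniffed and end is None:
        problems.append("image structure is malformed or truncated")
    elif end is not None and end < len(data):
        problems.append(f"{len(data) - end} trailing bytes after the image")
    return {"sniffed": sniffed, "accept": not problems, "problems": problems}

def make_png() -> bytes:
    """Constructed sample for the checks above: a valid 1x1 greyscale PNG."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # 1x1, 8-bit depth, greyscale
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(b"\x00\x80")) + chunk(b"IEND", b""))
```

A well-formed image that abuses a bug in the decoder itself passes this check, which is the residual risk the sandboxing comment above is getting at.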

      • @MasterBuilder · 2 · 1 year ago

        Any DNS-based blocker will filter out anything from URLs at the source, so no data is received. I use AdAway with Magisk. Blocklists are updated regularly.

      • newIdentity · 2 · 1 year ago

        The ad is downloaded, but it’s removed before execution