Ad blockers may seem like an unlikely defense in the fight against spyware, but new reports shed new light on how spyware makers are weaponizing online ads to allow governments to conduct surveillance.
Spyware makers are reportedly able to detect and covertly infect specific targets with spyware using banner ads.
One of the startups that worked on an ad-based spyware infection system is Intellexa, a European company that develops Predator spyware. The Predator is able to access the full contents of a target’s phone in real time.
According documents seen by the Israeli news agency Haaretz, Intellexa presented a proof-of-concept system in 2022 called Aladdin that allowed phone spyware to be planted through online ads. The documents included a demonstration of the Aladdin system with technical explanations of how the spyware infects its targets and examples of malicious ads: “apparently targeting graphic designers and activists with job offers, through which the spyware will be introduced to their device “, Haaretz have reported.
It is unclear whether Aladdin was fully developed or sold to government customers.
Another private Israeli company called Insanet succeeded in developing an ad-based infection system able to track down an individual in an ad network, Haaretz revealed last year.
Online ads help website owners, including this one, generate revenue. However, online ad exchanges can be abused to push malicious code onto a target’s device.
Malware delivery through malicious ads, often referred to as adware, works by inserting malicious code into the ads that appear on websites in computer and phone browsers. Many of these attacks rely on some interaction with the victim, such as clicking on a link or opening a malicious file.
However, the global ubiquity of online advertising greatly increases the reach that government clients have to target individuals—including their critics—with covert spyware.
Although no phone or computer can ever be completely hacked, ad blockers can be effective in stopping malicious advertising and ad-based malware before it ever reaches the browser.
Ad blockers — as the name suggests — prevent ads from appearing in web browsers. Ad blockers don’t just hide ads, but rather block the underlying website from loading the ads in the first place. This is also good for privacy, as it means ad exchanges can’t use tracking code to see what sites users visit as they browse the web. Ad blocking software is also available for phones.
Security experts have long advised using an ad blocker to prevent malicious ad attacks. In 2022, the FBI said in a public service announcement to use an ad blocker as an online safety precaution.
“Everyone should block ads,” he tweeted John Scott-Railton, a senior researcher at Citizen Lab who has researched government spyware, in response to the Haaretz report. “It’s a matter of safety.”
