This article talks about how users of Spotify’s free service have noticed that many advertisements automatically open their web browser, without them clicking on the advertisement. These websites contain viruses and malware, and can contaminate the device without the user taking any action. Not only are the users directed to malicious sites, but malware can automatically be downloaded from these sites in attacks known as “drive-by-attacks”. These “malvertising” campaigns are the result of scripts being hidden in advertisements, which do everything automatically. What worries me is that a lot of the time advertisements are not thoroughly screened before being accepted. It wouldn’t surprise me if we start seeing more of these types of attacks.
Link: http://www.securityweek.com/spotify-falls-victim-malvertising-attack
This is an extremely interesting article. If we think outside the bounds of just Spotify, a lot of freemium apps provide ads in exchange for their service, e.g., Facebook, games, etc. If these companies do not properly screen the ads that they add into their network, they are making hundreds, thousands, or even billions of people vulnerable to malicious attacks on their devices without the consumers’ knowledge. So how could we as consumers protect ourselves if we entrust these companies to screen for these types of attacks?
I agree with Loi Van – these companies should be required to do more due diligence and vulnerability testing for their advertisers to protect their customers.
In the meantime, I’ll be happy to pay my Spotify bill this month knowing that I’m not vulnerable to this threat. Can’t really complain with the $5 per month student rate for this service!
To answer your question, Loi Van, I believe one of the best ways to force companies to go the extra mile to ensure full protection is for us (consumers) to start taking cyber security more seriously, as we should. We have to make them feel cyber security is an important factor in the services big organizations offer. Hopefully Spotify addresses this quickly before it gets worse. Has Spotify commented on what happened and how they’re addressing this? I’m assuming they did, but couldn’t find anything so far.