Researchers Uncover Advertising Scam Targeting Streaming-TV Apps
April 21 2021 - 8:29AM
Dow Jones News
By Patience Haggin and Jeff Horwitz
Fraudsters infected nearly one million mobile devices with
software that mimicked streaming-TV apps and collected revenue from
unsuspecting advertisers, according to cybersecurity company Human
Security Inc., exposing vulnerabilities in a fast-growing corner of
the digital ad market.
The fraudsters spoofed an average of 650 million ad placement
opportunities a day in online ad exchanges, stealing ad dollars
meant for streaming apps available on popular streaming-TV
platforms run by Roku Inc., Amazon.com Inc., Apple Inc. and
Alphabet Inc.'s Google, Human Security said.
The researchers described the fraud operation as sophisticated,
but said it could be stymied if digital ad players strictly
followed industry guidelines for tracking the origins of traffic
and implemented certain security features. Human Security didn't
provide an estimate for how much money the fraudsters
collected.
Roku said the scheme didn't affect advertisers who bought ads
from Roku directly. "Roku is committed to fighting ad fraud in
every form and to the development of leading practices for staying
ahead of fraud globally," said Willard Simmons, vice president of
product management at Roku.
A Google spokesman said that the company has sophisticated
defenses in place to protect its ad systems against fraud and
issues credits or refunds when necessary.
Representatives for Amazon and Apple declined to comment.
The so-called connected-TV industry -- streaming apps and the
platforms that distribute them -- has been growing quickly and will
command $13.4 billion in ad spending in 2021, according to research
firm eMarketer. The sector's high prices -- ad space often goes for
around $25 per thousand impressions, compared with a few dollars
for static display ads -- make it an attractive target for
fraudsters.
"Measurement and security companies will just play whack-a-mole,
as long as the industry hasn't upgraded to better defenses," said
Michael McNally, Human Security's chief scientist.
Fraud has plagued the digital-advertising industry since its
inception. Most online ad buying happens through exchanges rather
than directly from sellers. Buyers bid for available inventory,
generally targeting certain kinds of audiences, and are matched
with sellers by middlemen. Ad space in the connected-TV industry is
often bought this way. Mr. McNally said that as the streaming ad
industry grows, security safeguards aren't keeping pace.
"Buyers in principle have the power here," he said. "They're the
ones that fund the online ecosystem."
The researchers identified the company behind the apps that
facilitated the fraud as TopTop Media, a subsidiary of Tel
Aviv-based M51 Group. Neither TopTop Media nor M51 executives
responded to requests for comment.
In the alleged scam, users downloaded what looked like
legitimate apps on Android devices -- games or digital flashlights,
for example -- and were unaware the apps contained code to
perpetrate ad fraud, Human Security said. TopTop Media created 29
such apps, according to Human Security. Google, the maker of the
Android operating system for phones, said it removed the apps after
being notified of the alleged scheme.
The TopTop apps quietly sent signals to digital ad exchanges
pretending to be some 6,000 apps on popular streaming-TV operating
systems. The fraudsters duped the advertisers, who believed they
were buying space on real apps, the researchers said.
Human Security dubbed the scheme "Pareto," after the eponymous
economics principle, which holds that a small number of actors --
or in this case, apps -- could do a large amount of damage.
Mr. McNally said future schemes could be headed off if real
streaming devices, and the ad space sold in them, had identifiers
that all industry stakeholders could recognize. Google, Roku and
major advertising technology companies have said they are
participating in industry discussions to improve security for
connected TV.
Write to Patience Haggin at patience.haggin@wsj.com and Jeff
Horwitz at Jeff.Horwitz@wsj.com
(END) Dow Jones Newswires
April 21, 2021 08:14 ET (12:14 GMT)
Copyright (c) 2021 Dow Jones & Company, Inc.