Ad-serving standard could be supporting malvertising

The global standard for ad-supported video could soon make it easier for malvertisers to abuse smartphones and PC video players, according to one of the world’s largest providers of the ad-serving technology.

Mark Stanton, head of Brightcove Australia and New Zealand said that the standard gives the video players too much freedom to permit ads access to web pages.

That, he argued, could allow a malicious advertiser to re-write advertising links or make other unauthorised changes to web pages on devices.

“There is a new industry standard that I feel makes it easier for malvertising or malicious ads. The conversation I’m having with customers is how can we implement that standard in a way that is still safe for users and for them,” Mr Staton said.

He said that the problem would primarily impact desktop but could apply to “anything that renders HTML”.

Quite a lot of Smart TVs and other devices do run web browsers then in theory they are potential targets.

The standard developed by the Interactive Advertising Bureau (IAB), known as VPAID 2.0 (or HTML5 VPAID), has been around for about four years.

The problem, Mr Stanton said, was that there was a rapid trend away from consumers watching catch-up TV services on desktops to smartphones as mobile data prices fell.

However, he said that “in the wild” he was only aware of it affecting browsers on desktops.

“The way that we have implemented in our player is to only allow the ads limited access to the page. That locks any ads into a sandbox that they can’t do go things re-write links or make other changes to the page,” he said.

Mr Stanton’s comments coincided with the company’s announcement that Brightcove had struck a deal to supply Network Ten with new ad-serving technology that circumvents ad-blockers for its tenplay catch-up TV service.

The new technology weaves ads into tenplay streams rather than calling on the device’s video player to make a call to a secondary ad server.

Mr Stanton said that the company was also working with other television networks on an initiative to address what he called “viewability” – to reveal how frequently ads were being blocked or obscured during viewer sessions.

Brightcove estimated that, in some cases, up to 50 per cent of ads were not being viewed, however, that varied with age demographics and gender.

“For content that is targeting males in the 15 to 30 age demographic there’s very high ad-blocking rates. For content that is targeting an older audience or more female skewed, the rate can be a lot lower – they can be single digits. So, there’s not a global rule,” he said.

Participate in this short survey on IT security strategies across the Australian market and go in the draw to WIN a 360Fly camera vailued at $689.

Start survey NOW

Join the CSO newsletter!

Error: Please check your email address.

Tags smartphonesmart TVsriskmalvertisingattacksvpaidadvertising softwareBrightcove Communicationsmalwarecyber securitythreatmalicious adsabusehtml codephishingPC video playersadvertising

More about BrightcoveInteractiveInteractive Advertising BureauInteractive Advertising Bureau (IAB)Network TenSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Andrew Colley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place