Researchers: Apple’s proxy VPN misused for ad fraud


Apple’s iCloud Private Relay pseudo-VPN service could be used for ad fraud, according to a new research report from a security firm. According to the company, Pixalate, $65 million is expected to be misused in 2022 alone. In a new paper, it says attackers used Private Relay as a kind of shield from detection.

The service is part of Apple’s iCloud+ offering and redirects server requests through two intermediate hops in order to hide the originating IP address. According to its own statements, Apple itself cannot see where the user is surfing. Private Relay is part of iOS, iPadOS and macOS and may become standard on future Apple devices as well. It is part of Apple’s privacy initiative, which also includes tracking protection measures in the Safari browser and aims to protect Apple Mail users from surveillance.

According to Pixalate, however, Private Relay also provides a target for so-called click fraud, in which bots click on paid ads. This either brings in extra (unearned) money for the publisher whose website is running the ad, or the attackers try to harm a company that has to pay for useless ads that no real users see. The resulting losses are said to run into the billions. That’s why companies try to detect click fraud as early as possible.

However, iCloud Private Relay is now considered a particularly trustworthy service: users coming through the service are always required to have verified iCloud+ access, which is meant to identify them as “genuine users”. This is why some of Apple’s IPs for Private Relay are whitelisted, i.e. they are let through by default by click fraud prevention systems. Scammers are said to take advantage of this. It even goes so far that the IP addresses are used as part of automated bidding processes (programmatic advertising).


“According to Pixalate’s comments, a common method for exploiting iCloud Private Relay appears to be the fraudulent entry of [such] IPv6 and IPv4 addresses in bid requests for digital advertising.” Pixalate has dubbed this method of ad fraud “iP64”. The result is that anti-click fraud systems “blindly trust” these bids. Attackers can exploit large chunks of Private Relay traffic; they believe they have a way of using it fraudulently. In August they detected an extremely high spoofing rate,
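The blind allowlisting described above, next to a consistency check on the same bid request, as an added example (not from Pixalate's paper or the original article). It assumes OpenRTB-style `device.ip`, `device.ipv6` and `device.os` fields; the relay ranges are constructed documentation prefixes, and both heuristics are illustrative assumptions.

```python
import ipaddress

# Constructed stand-ins for the relay egress ranges (documentation prefixes,
# not real Private Relay addresses).
RELAY_RANGES = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "2001:db8:a::/48")]
# Private Relay ships with these operating systems, per the article.
APPLE_OS = {"ios", "ipados", "macos"}

def in_relay(addr):
    """True if addr parses and falls inside a relay egress range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip.version == net.version and ip in net for net in RELAY_RANGES)

def naive_trust(bid):
    """Blind allowlist: any declared relay address lets the bid through."""
    dev = bid.get("device", {})
    return in_relay(dev.get("ip") or "") or in_relay(dev.get("ipv6") or "")

def relay_claim_issues(bid):
    """Reasons a declared relay address should not be trusted on its own.
    An empty list means no inconsistency was found, not that the bid is genuine."""
    dev = bid.get("device", {})
    declared = [dev[k] for k in ("ip", "ipv6") if dev.get(k)]
    if not any(in_relay(a) for a in declared):
        return []  # no relay claim, nothing to cross-check
    issues = []
    # Assumed heuristic: both address fields filled, only one is a relay address.
    if not all(in_relay(a) for a in declared):
        issues.append("mixed relay and non-relay addresses")
    # Assumed heuristic: relay address paired with an OS that lacks the service.
    if (dev.get("os") or "").lower() not in APPLE_OS:
        issues.append("relay address declared with non-Apple OS")
    return issues

# Constructed sample bid requests.
SAMPLES = {
    "consistent": {"device": {"ipv6": "2001:db8:a::17", "os": "iOS"}},
    "wrong_os":   {"device": {"ip": "198.51.100.9", "os": "Android"}},
    "mixed":      {"device": {"ip": "203.0.113.5",
                              "ipv6": "2001:db8:a::99", "os": "iOS"}},
    "no_claim":   {"device": {"ip": "203.0.113.5", "os": "Android"}},
}

if __name__ == "__main__":
    for name, bid in SAMPLES.items():
        print(name, naive_trust(bid), relay_claim_issues(bid))
```

The first three samples all pass `naive_trust`, while the cross-check flags two of them for further scoring instead of letting them through by default.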
