Potential Threats in Augmented Reality Ads
Augmented Reality (AR) isn’t a new concept, but it’s very much exploded in popularity in the last few years, with increased use on various social media platforms, and the massive success of Nintendo’s “Pokemon Go!” mobile gaming app. Up until recently, AR experiences required apps to deliver them, but with the emergence of WebAR technology, that’s all changing. WebAR allows users to have AR experiences directly via a web browser, without the need for a specific app, and it’s easily run across browsers on Android, iOS, Windows or Mac systems. WebAR provides the advertising ecosystem with a great new playground to reach users with more immersive branding experiences, but as AR ads grow in both exposure and profitability, it won’t take long for cybercriminals to start exploiting the user interaction, either.
Third-party WebAR ad delivery is already being employed by ad networks and exchanges, and as WebAR is usually delivered via URLs, it’s entirely possible to trick a user into clicking a call to action button in an AR ad that redirects them to a malicious landing page or clicks on a special offer that implements a phishing attack.
Read More: Should You Trust SSAI in CTV Advertising?
Programmatic DOOH Attracts Threat Actors
Ever seen a big digital screen while wandering about town that displays a different ad every few minutes? That’s digital out of home (DOOH) advertising, a $7.7 billion market, that’s been trending toward programmatic. We’ve already seen threat actors move toward programmatic when it exploded in the online advertising ecosystem, and it’s entirely possible the same trend will occur with DOOH ads, though the goals might be different. Rather than a profit motive, threat actors looking to hijack digital billboards will more likely be aiming to present subversive political messages, or take the opportunity to deliver offensive, adult content to everyone within eyeshot, mainly for laughs. Basically, the threat actor equivalent of trolling is a real possibility.
As more and more users abandon traditional broadcast television for streaming platforms available on connected devices, many platforms are beginning to monetize by providing precisely targeted advertising for viewers, often employing programmatic delivery. As these ads themselves are web based, they can be just as open to the exploit methods employed by today’s threat actors as any other digital ad, and will require digital security solutions capable of monitoring for threats and ad quality problems that can put user security and experience at risk.