iCloud security breach leads to $65 million scam
A security flaw in a feature offered by iCloud is becoming extremely expensive for advertisers. Using Private Relay, bots impersonate Apple in order to view millions of ads across the web. The goal: to artificially inflate the price of advertising space. A scam valued at $65 million.
Right now, iCloud is getting very bad publicity, and the expression is particularly apt in this case. In the space of a few days, a bug hit users who found photos of strangers in their library, while researchers have proven that Apple lied about the real confidentiality of the data collected from users. And evidently, this is not the only time that the Cupertino company has reshaped the truth.
Pixalate, a company specializing in the prevention of online fraud, has published a study critical of the manufacturer. In it, the company claims that a security flaw present in iCloud made it possible to create a scam that is worth $65 million today, all while impersonating Apple itself. All of this was made possible by iCloud Private Relay.
Brands lose $65 million because of iCloud
Reserved for iCloud premium users, this feature works like a VPN, letting them mask their activity on the Internet by being assigned a “fake” IP address. Apple is categorical on this point: all IP addresses distributed go to real users, not to bots. And yet… that is precisely what is happening, according to Pixalate. In fact, 90% of iCloud Private Relay users are actually bots.
Why such a concentration around this feature? Money, of course. These bots view thousands of advertisements on the web for a simple reason: the more an advertisement is seen, the more its placement costs. The method is even more pernicious, says Amit Shetty, vice president of product at Pixalate. “Apple says you can be sure that connections through Private Relay are secure and free from fraud, so scammers simply present their traffic as coming from Apple”.
Although the scam is now widespread across the web, Pixalate claims that 9 sites in particular are targeted by scammers, including E! Online, ESPN, Major League Baseball, NBC News and Weather.com. And the situation is only getting worse, so much so that the firm now advises companies managing online advertising space to simply block the traffic generated by iCloud Private Relay.