Scientists uncover new security loophole: “SnailLoad” allows spying on internet users

The "SnailLoad" loophole is based on combining the latency of internet connections with the fingerprinting of online content. Credit: IAIK - TU Graz.

A new security loophole called “SnailLoad” has been discovered by computer scientists at Graz University of Technology (TU Graz) in Austria, allowing attackers to spy on internet users by monitoring fluctuations in their internet connection speed.

This loophole can bypass all existing protective measures such as firewalls, VPNs, and browser privacy modes.

How “SnailLoad” Works

The vulnerability, identified by researchers from the Institute of Applied Information Processing and Communication Technology (IAIK) at TU Graz, exploits small fluctuations in the speed of an internet connection.

No malicious code or data interception is needed to carry out this attack.

The researchers published their findings in a paper titled “SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript.”

Attackers only need to have had direct contact with the victim once. This can happen when the victim downloads a seemingly harmless, small file from the attacker’s server, such as when visiting a website or watching an advertisement.

Since the file contains no malicious code, it goes undetected by security software.

The transfer of this file is intentionally slow, allowing the attacker to continuously monitor the latency variation of the victim’s internet connection. This information is then used to track the victim’s online activity.

When a person visits a website, watches a video, or engages in a video call, their internet connection’s latency fluctuates in a unique pattern depending on the content.

According to Stefan Gast from IAIK, each type of online content—whether it’s a webpage, video, or call—has a unique “fingerprint” based on the pattern and size of data packets sent from the server to the user.

The researchers pre-recorded the fingerprints of a few YouTube videos and popular websites. When test subjects accessed these, the researchers were able to identify the content being viewed by matching the latency fluctuations to their database of fingerprints.

In tests where subjects watched videos, the researchers had a 98% success rate in identifying the content. For basic websites, the success rate was around 63%.

However, Daniel Gruss from IAIK notes that if attackers used more data to train their machine learning models, the success rate could increase.

Closing this security gap is challenging. One potential solution would be for internet providers to randomly slow down their customers’ connections, but this would cause noticeable delays for activities like video conferences, live streams, and online gaming.
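The trade-off behind that mitigation can be seen in a toy simulation, added here as an illustration and not taken from the researchers' paper or code. It assumes constructed latency traces, a plain correlation match standing in for the machine learning models mentioned above, and a uniform random delay as the provider-side countermeasure; all names and numbers in it are hypothetical.

```python
import random

def make_fingerprint(rng, length=120):
    """Constructed latency trace (ms): bursts of queueing delay separated by idle gaps."""
    trace = []
    while len(trace) < length:
        height = rng.uniform(5, 30)            # delay while a content burst is in flight
        trace += [height] * rng.randint(2, 8)  # burst duration in samples
        trace += [0.0] * rng.randint(3, 15)    # idle gap
    return trace[:length]

def pearson(a, b):
    """Pearson correlation of two equal-length traces (0.0 if either is constant)."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0

def observe(fingerprint, rng, jitter_ms):
    """Trace as measured: 1 ms Gaussian noise plus the mitigation's random delay."""
    return [x + rng.gauss(0, 1.0) + rng.uniform(0, jitter_ms) for x in fingerprint]

def accuracy(jitter_ms, n_items=20, trials=200, seed=1):
    """Fraction of traces matched to the correct fingerprint by highest correlation."""
    rng = random.Random(seed)  # fixed seed so the constructed data is reproducible
    database = [make_fingerprint(rng) for _ in range(n_items)]
    hits = 0
    for _ in range(trials):
        truth = rng.randrange(n_items)
        seen = observe(database[truth], rng, jitter_ms)
        guess = max(range(n_items), key=lambda i: pearson(database[i], seen))
        hits += guess == truth
    return hits / trials

if __name__ == "__main__":
    for jitter in (0, 50, 400):
        print(f"random delay 0-{jitter} ms (mean {jitter / 2:.0f} ms): "
              f"accuracy {accuracy(jitter):.2f}")
```

In this model the match rate only falls once the injected delay is far larger than the latency swings caused by the content itself, which is the kind of slowdown that real-time traffic would notice.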

The team, led by Gast and Gruss, has created a website detailing “SnailLoad” and will present their research at the Black Hat U.S. 2024 and USENIX Security Symposium conferences.

This discovery highlights the need for continuous vigilance and innovation in cybersecurity to protect internet users from new and unexpected vulnerabilities.

Source: KSR.