SnailLoad attackers can see what videos you watch
Security researchers from Graz University of Technology have unveiled a new method to spy on any user, device or internet connection. The researchers have developed a technique called SnailLoad, which can accurately determine which video someone is watching, with a success rate of up to 98%. This method can also identify the websites visited, albeit with a lower success rate of 63%. What is particularly worrying is that the only known way to mitigate this is to reduce the speed of the internet connection through the addition of ‘noise’.
SnailLoad side channel privacy attack explained
In their paper, SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript, researchers Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza and Daniel Gruss explain how this new eavesdropping method works without installing malware and without observing network traffic. a kind of person-in-the-middle attack. An attacker doesn’t even have to be physically nearby to monitor Wi-Fi packets.
Instead, SnailLoad ingeniously exploits bandwidth bottlenecks close to the device you are using. This is described as the “subtle variations in network packet round-trip times” that carry a side-channel signal influenced by the victim’s activity. Simply put, by making the target user download a small file (this could be any form of content, including an ad, font or image). The attacker can measure latency, the changes in the speed of an Internet connection, and distract from the activity they are engaged in. Speed is the key, or better said, inertia of speed. That file is downloaded from a server over a slow connection so that this latency pattern can be monitored. The fact that the file is sent at a snail’s pace gives rise to the name of the attack. “Besides being slow,” the researchers said, “SnailLoad, like a snail, leaves trails and is a bit creepy.”
More than a little creepy, I’d say, as the attack is a completely passive and remote scenario, yet can still determine with varying degrees of accuracy what video a user is watching or what website activity they are engaging in. when you realize that there is no easy solution since the limitation would require a degradation of the Internet connection to introduce noise that would not be acceptable to most users. “The cause cannot be eliminated and further research is needed to find satisfactory solutions,” the study said.
This snail has not escaped into the wild so far
The good news is that this is a laboratory-based threat that is based on research only. “We believe that most internet connections are affected,” the researchers said. However, at this time, SnailLoad is unlikely to be exploited in the wild.”
The fact that the sample set used to train and test SnailLoad was so small, with only ten internet connections, is cited as another reason not to worry too much at this point. This is highlighted by the need to ‘fingerprint’ videos (from YouTube in the study) and individual websites to compare the SnailLoad analysis and determine which was viewed or used. In a realistic scenario, it is difficult to see for now how this could be exploited.
“This potential attack demonstrates the wide range of possible attack vectors,” said Boris Cipot, senior security engineer at Synopsys Software Integrity Group, “and adds significant stress to security personnel who must protect users’ devices from unwanted snooping.” Cipot warned that it is possible that similar attack vectors are already in use without our knowledge.”