Thursday , 7 November 2024
Home Innovation Cybersecurity SnailLoad Tracks Online Activity via Slow Internet Connections
Cybersecurity

SnailLoad Tracks Online Activity via Slow Internet Connections

SnailLoad

Researchers from Graz University of Technology have unveiled a new privacy threat dubbed SnailLoad, revealing a method that allows spying on users, devices, and internet connections. Unlike traditional malware or network eavesdropping, SnailLoad exploits subtle variations in network packet round-trip times to discern user activity without direct observation or proximity to the victim’s device.

This technique, detailed in the paper ‘SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript’ by Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza, and Daniel Gruss, achieves up to a 98% success rate in identifying the videos users watch, albeit with a 63% success rate for websites visited. The attack works by inducing bandwidth bottlenecks near the target device, influencing latency patterns that betray user actions.

To implement SnailLoad, attackers prompt the user to download innocuous files, such as adverts or images, via deliberately slowed connections. This ‘snail’s pace’ download serves as a mechanism to monitor latency changes, thereby deducing the user’s online activities. The method’s passive and remote nature makes detection challenging, with no straightforward mitigation other than degrading internet speeds with ‘noise,’ which is impractical for most users.

While currently confined to controlled research environments, SnailLoad poses significant implications for internet privacy. Despite its lab origins and the limited scope of its current impact, security experts caution that similar covert methods could already be in clandestine use, underscoring the need for ongoing research and robust defensive measures.

Boris Cipot, a senior security engineer at Synopsys Software Integrity Group, highlights the broad spectrum of potential attack vectors highlighted by SnailLoad, stressing the need for vigilance among security personnel tasked with safeguarding user devices. The research community acknowledges the evolving nature of such threats, advocating for proactive defenses to counteract emerging privacy vulnerabilities.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

google gmail
Cybersecurity

Gmail Protection: The Importance of Backup Accounts

In recent months, Google has demonstrated a robust commitment to user security,...

cash app
Cybersecurity

Cash App Settles Data Breach for $15 Million: Check Your Eligibility

Cash App, the popular mobile payment platform owned by Block Inc. (formerly...

Samsung Galaxy S25 Ultra
Cybersecurity

Samsung’s Security Update Dilemma: Millions of Devices at Risk

Samsung is facing a significant challenge as millions of Galaxy phone users...

windows
Cybersecurity

Windows Theme Bug Exposes Credentials; Patch Still Pending

Microsoft has recently come under scrutiny once more as a new security...