New Hack Attack slows down your internet speed to see what videos you watch

Security researchers from the Graz University of Technology have revealed a new method of spying on any user, device or internet connection. The scientists have developed a technique called SnailLoad that can pinpoint the video a person is watching with up to a 98% success rate. The method can also identify visited websites, albeit with a lower success rate of 63%. What’s particularly worrying is that the only known way to mitigate this is to reduce your internet connection speed by adding “noise”.

SnailLoad Side-Channel Privacy Attack Explained

In their article “SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript”, researchers Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza, and Daniel Gruss explain how this new method of eavesdropping works without installing malware and without monitoring network traffic through some kind of man-in-the-middle attack. In fact, an attacker does not even need to monitor Wi-Fi packets in close physical proximity.

Instead, SnailLoad cleverly exploits bandwidth bottlenecks near the device you’re using. The side-channel signal is described as “subtle variations in the round-trip times of network packets” that are affected by the victim’s activity. In simpler terms, by getting the target user to download a small file, which can be any kind of content including an ad, font or image, the attacker can measure latency, the changes in internet connection speed, and infer the activity they are engaged in. The key is speed, or rather the lack of it. The file is downloaded from the server over a slow connection so that this latency pattern can be monitored. The fact that the file is sent at a snail’s pace gives the attack its name. “In addition to being slow,” the researchers said, “SnailLoad, like a snail, leaves tracks and is a bit creepy.”

I’d say it’s more than a little creepy because the attack is a fully passive and remote scenario, yet it can determine with varying degrees of accuracy what video a user is watching or what activity they’re doing on the site. The creep factor increases when you realize that there is no easy fix, given that mitigation would require degrading the internet connection to introduce noise, which would not be acceptable to most users. “The root cause cannot be removed and further research is necessary to find satisfactory solutions,” the study said.
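A toy queue model of the bottleneck effect and of the noise mitigation described above, added here as an illustration and not taken from the SnailLoad paper. The link speed, base RTT, on/off traffic pattern and all function names are assumptions.

```python
import random
from statistics import mean

TICK_MS = 10          # simulation step
LINK_BYTES = 12_500   # bytes the bottleneck drains per tick (assumed 10 Mbit/s link)
BASE_RTT_MS = 20.0    # assumed round-trip time when the queue is empty

def victim_pattern(ticks, period=200, burst=40, rate=20_000):
    """Constructed on/off load: a player fetching one video segment per period."""
    return [rate if t % period < burst else 0 for t in range(ticks)]

def probe_rtts(load, noise_max=0, seed=1):
    """RTT per tick of a slow, unrelated flow that shares the bottleneck queue."""
    rng = random.Random(seed)
    backlog, rtts = 0, []
    for arriving in load:
        cover = rng.randint(0, noise_max) if noise_max else 0  # random cover traffic
        backlog = max(0, backlog + arriving + cover - LINK_BYTES)
        rtts.append(BASE_RTT_MS + backlog / LINK_BYTES * TICK_MS)
    return rtts

def pearson(xs, ys):
    """Pearson correlation of two equal-length traces."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def evaluate(noise_max, ticks=2000):
    """Return (match with the noise-free trace, mean queueing delay in ms)."""
    load = victim_pattern(ticks)
    reference = probe_rtts(load)            # trace with no cover traffic
    observed = probe_rtts(load, noise_max)  # trace with cover traffic added
    return pearson(reference, observed), mean(observed) - BASE_RTT_MS

if __name__ == "__main__":
    for noise in (0, 16_000):
        match, delay = evaluate(noise)
        print(f"cover traffic up to {noise:>6} B/tick: "
              f"match={match:.2f}, added delay={delay:.1f} ms")
```

In this model the cover traffic blurs the match with the noise-free trace only by keeping the shared queue occupied for longer, so the privacy gain is paid for directly in added latency.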

This snail has not yet escaped into the wild

The good news is that, for now, this is a laboratory threat confined to research. “We believe most Internet connections are affected,” the researchers said. “However, SnailLoad is unlikely to be used in the wild at this time.”

The fact that the sample set used to train and test SnailLoad was so small, with only 10 internet connections, was cited as another reason not to worry too much at this point. So is the need for “footprints” of videos (from YouTube in the research) and of individual web pages, against which SnailLoad’s analysis is compared to determine which were watched or used. In a real-world scenario, it’s hard to see how this could be abused yet.

“This potential attack demonstrates a wide range of possible attack vectors,” said Boris Cipot, senior security engineer at Synopsys Software Integrity Group, “adding considerable stress to security professionals tasked with protecting users’ devices from unwanted snooping.” Cipot warned that it is possible that similar attack vectors are already being used without our knowledge.
