New Privacy Threat Tracks Users via Internet Speed, Evading Firewalls, VPN

Researchers uncover "SnailLoad," a novel security vulnerability that exploits internet latency to monitor online activity.

A newly discovered security loophole called "SnailLoad" poses a serious privacy threat by tracking internet speed fluctuations.

This new attack method can bypass conventional security measures such as firewalls, VPNs, and browser privacy modes, exposing users' online activities to potential surveillance.

Computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) uncovered this vulnerability.

Their findings, detailed in a paper titled "SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript," reveal that SnailLoad exploits latency fluctuations in internet connections to monitor users' online activities.

Unlike traditional attacks, SnailLoad does not require malicious code, making it undetectable by standard security software.

How SnailLoad Works

SnailLoad begins with the attacker establishing initial contact with the victim. This typically involves the victim downloading a small, harmless file from the attacker's server, often without realizing it-such as while visiting a website or watching ads.

This file transfer is extremely slow, providing the attacker with continuous data about the latency variations in the victim's internet connection.

Stefan Gast from IAIK explained that when a person accesses a website, watches an online video, or engages in a video conversation, the internet connection latency varies in a distinctive pattern based on the specific content being utilized.

Each piece of online content has a unique fingerprint, consisting of the pattern and size of data packages transmitted from the host server to the user. By analyzing these latency fluctuations, attackers can reconstruct the victim's online activity with remarkable accuracy.


Strong Research Findings

The researchers tested SnailLoad by gathering fingerprints of various YouTube videos and popular websites. When the test subjects accessed these videos and websites, the researchers could identify the content through corresponding latency fluctuations.

The study achieved a success rate of up to 98% in identifying YouTube videos viewed by test subjects, while for basic websites, the success rate was around 63%.

"The higher the data volume of the videos and the slower the victims' internet connection, the better the success rate," explained Daniel Gruss from IAIK.

These findings indicate that SnailLoad is particularly effective in monitoring high-data activities on slower internet connections. Moreover, the researchers noted that feeding machine learning models with more extensive data could further increase the accuracy of such attacks.

SnailLoad offers a new and powerful method of remote surveillance that does not require direct interception of network traffic. Traditional spying techniques often involve person-in-the-middle attacks or monitoring WiFi signals. However, SnailLoad can be executed from a distance by simply measuring the time it takes for data to travel between the attacker's server and the victim's computer.

The researchers note that closing this security gap presents significant challenges. "The only option would be for providers to artificially slow down their customers' internet connections in a randomized pattern," said Gruss.

However, this approach would lead to noticeable delays in time-critical applications such as video conferences, live streams, or online gaming.

Stay posted here at Tech Times.

Tech Times Writer John Lopez
Tech Times Writer John Lopez
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics