SnailLoad attackers can see the videos you watch
A new method of spying on any user, device or internet connection has been revealed by security researchers from the Graz University of Technology. Researchers have developed a technique called SnailLoad that can accurately identify the video a person is watching with a success rate of up to 98%. This method can also identify the websites they visit, albeit with a lower success rate of 63%. What is particularly worrying is that the only known way to mitigate this is to degrade the internet connection speed by adding ‘noise’.
SnailLoad Side Channel Privacy Attack Explained
In their paper, SnailLoad: Exploiting remote network latency metrics without JavaScript, researchers Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza and Daniel Gruss, explain how this new method of eavesdropping without installing malware and without observing network traffic through some kind of man-in-the-middle attack. Indeed, an attacker does not even need physical proximity to monitor Wi-Fi packets.
Instead, SnailLoad intelligently exploits bandwidth bottlenecks in proximity to the device you’re using. This is described as “subtle variations in the round-trip times of network packets” carrying a side-channel signal affected by the victim’s activity. To put it more simply, by having the target user download a small file, it could be any kind of content, including an advertisement, font or image, the attacker can measure the latency, changes in the speed of an internet connection , infer the activity in which they engage. Speed is the key, or rather the slowness of speed. This file is downloaded from a server using a slow connection so this latency pattern can be tracked. The fact that the file is sent at a snail’s pace gives rise to the name of the attack. “Except for slow-motion”, the researchers said“SnailLoad, just like a snail, leaves tracks and is a little creepy.”
More than a little creepy, I’d say, the attack is a completely passive and remote script, but it can determine, with varying degrees of accuracy, what video a user is watching or what website activity they’re engaging in. The cringe factor increases when you realize that there is no easy fix, since mitigation would require degrading the internet connection to introduce noise that would not be acceptable to most users. “The root cause cannot be eliminated and further research is needed to find satisfactory solutions,” the study said.
This snail has not yet escaped into the wild
The good news is that this is a lab-based, research-only threat. “We believe that most Internet connections are affected,” the researchers said. However, at this time, it is unlikely that SnailLoad will be exploited in the wild.”
The fact that the sample set used to train and test SnailLoad was so small, with only 10 Internet connections, has been cited as another reason not to worry too much at this time. This is highlighted by the need to ‘fingerprint’ videos (from YouTube to research) and individual websites in order to compare SnailLoad analysis and determine who was watched or used. In a real-world scenario, it’s hard to see how this could be exploited, for now.
