Recent findings from computer scientists at Graz University of Technology reveal a chilling security loophole dubbed “SnailLoad.” This vulnerability bypasses traditional safeguards like firewalls and VPNs by exploiting fluctuations in internet connection speeds. Even without malicious code, attackers can meticulously track users’ online activities after a single innocuous interaction, such as visiting a website or watching a video. All devices and connection types are susceptible, marking a significant threat to online privacy.
The SnailLoad Loophole:
- Researchers from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology discovered a vulnerability that affects all types of end devices and internet connections.
- Unlike traditional attacks that require malicious code or data interception, SnailLoad leverages fluctuations in internet connection speed to track users’ online activities.
- Here’s how it works:
- Initial Contact: The attacker needs one prior interaction with the victim. During this interaction, the victim unknowingly downloads a seemingly harmless file from the attacker’s server (e.g., while visiting a website or watching an ad).
- Latency Variation: The transferred file is intentionally slow, allowing the attacker to monitor latency fluctuations in the victim’s internet connection.
- Unique Fingerprint: All online content has a unique fingerprint based on the pattern of data package sizes sent from the host server to the user. When the victim accesses websites or watches videos, the latency fluctuates in a specific pattern tied to the content being used.
- Reconstructing Activity: Armed with latency data and content fingerprints, the attacker can reconstruct the victim’s online activity.
Success Rate:
- When spying on test subjects watching videos, the researchers achieved a success rate of up to 98%.
- The success rate varies based on factors like data volume and internet connection speed. For basic websites, the rate dropped to around 63%