
URL: https://www.helpnetsecurity.com/2024/06/25/snailload-security-loophole-spy-users-online-activities/
Help Net Security
June 25, 2024


NEW SECURITY LOOPHOLE ALLOWS SPYING ON INTERNET USERS’ ONLINE ACTIVITY



Researchers at Graz University of Technology were able to spy on users’ online
activities simply by monitoring fluctuations in the speed of their internet
connection. This vulnerability, known as SnailLoad, does not require malicious
code to exploit, and the data traffic does not need to be intercepted. All types
of end devices and internet connections are affected.



SNAILLOAD ATTACK SETUP

 * The victim communicates with a server.
 * The server has a fast Internet connection; the victim’s last-mile connection
   is comparatively slow.
 * The attacker’s packets to the victim are delayed if the last mile is busy.
 * In a side-channel attack, the attacker infers what website or video the user
   is watching.

The unsuspecting victim only needs to have a single direct contact with the
attacker – for example, when visiting a website or watching a promotional video.
During this interaction, the victim unknowingly downloads an essentially
harmless file. This file, devoid of any malicious code, evades detection by
security software. The transfer of this file is painstakingly slow, providing
the attacker with continuous information about the latency variation of the
victim’s internet connection. This stealthy approach allows the attacker to
reconstruct the victim’s online activity, posing a threat to their privacy.


SNAILLOAD COMBINES LATENCY DATA WITH FINGERPRINTING OF ONLINE CONTENT

“When the victim accesses a website, watches an online video or speaks to
someone via video, the latency of the internet connection fluctuates in a
specific pattern that depends on the particular content being used,” says Stefan
Gast from the IAIK.

This is because all online content has a unique “fingerprint”. For efficient
transmission, online content is divided into small data packages that are sent
one after the other from the host server to the user. The pattern of the number
and size of these data packages is unique for each piece of online content –
like a human fingerprint.

The researchers collected the fingerprints of a limited number of YouTube videos
and popular websites in advance for testing purposes. When the test subjects
used these videos and websites, the researchers could recognize this through the
corresponding latency fluctuations. “However, the attack would also work the
other way round,” says Daniel Gruss from the IAIK: “Attackers first measure the
pattern of latency fluctuations when a victim is online and then search for
online content with the matching fingerprint.”


SLOW INTERNET CONNECTIONS MAKE IT EASIER FOR ATTACKERS

When spying on test subjects watching videos, the researchers achieved a success
rate of up to 98 percent.

“The higher the data volume of the videos and the slower the victims’ internet
connection, the better the success rate,” explains Gruss. Consequently, the
success rate for spying on basic websites dropped to around 63 percent.
“However, if attackers feed their machine learning models with more data than we
did in our test, these values will certainly increase,” Gruss added.


LOOPHOLE VIRTUALLY IMPOSSIBLE TO CLOSE

“Closing this security gap is difficult. The only option would be for providers
to artificially slow down their customers’ internet connections in a randomised
pattern,” said Gruss. However, this would lead to noticeable delays for
time-critical applications such as video conferences, live streams or online
computer games.
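
The queueing effect behind the attack setup, and the cost of the randomised-delay mitigation, can be seen in a toy model. This is an added example, not the researchers' proof-of-concept code; the link capacity, base round-trip time, traffic patterns and jitter value are constructed assumptions.

```python
import random
from statistics import mean

CAPACITY = 10    # units the last-mile link drains per tick (assumed)
BASE_RTT = 5.0   # idle probe round-trip time in ticks (assumed)

def queue_delay(arrivals, capacity=CAPACITY):
    """Extra delay a probe sees at each tick behind the victim's queued traffic."""
    backlog, delays = 0, []
    for a in arrivals:
        backlog = max(0, backlog + a - capacity)
        delays.append(backlog / capacity)
    return delays

def probe_rtts(arrivals, jitter=0.0, rng=None):
    """RTT trace seen remotely; jitter models a randomised delay added by the provider."""
    rng = rng or random.Random(0)
    return [BASE_RTT + d + rng.uniform(0, jitter) for d in queue_delay(arrivals)]

def pearson(x, y):
    """Pearson correlation of two equal-length traces (0.0 if either is constant)."""
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    var = sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y)
    return cov / var ** 0.5 if var else 0.0

# Constructed traffic patterns: two pieces of content with different burst shapes.
VIDEO_A = ([40] + [0] * 7) * 30         # one large burst every 8 ticks
VIDEO_B = ([25, 25] + [0] * 10) * 20    # two medium bursts every 12 ticks

def similarity(observed_arrivals, template_arrivals, jitter=0.0, seed=1):
    """How closely the observed RTT trace follows a content template's delay shape."""
    observed = probe_rtts(observed_arrivals, jitter, random.Random(seed))
    return pearson(observed, queue_delay(template_arrivals))

if __name__ == "__main__":
    print("A vs A, no jitter :", round(similarity(VIDEO_A, VIDEO_A), 3))
    print("A vs B, no jitter :", round(similarity(VIDEO_A, VIDEO_B), 3))
    print("A vs A, jitter=20 :", round(similarity(VIDEO_A, VIDEO_A, jitter=20), 3))
```

In this model the jitter needed to bury the pattern is several times the idle round-trip time, which is the trade-off Gruss describes for time-critical applications.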

Proof-of-concept code is available on GitHub. The research paper is available
here.




