SnailLoad: New security loophole that enables spying on internet users

Updated on 26-Jun-2024
HIGHLIGHTS

Computer scientists have found a new security loophole called SnailLoad.

SnailLoad could enable unauthorised surveillance of internet users' online activities

This loophole bypasses traditional data protection measures such as firewalls, VPN connections, and browser privacy modes.

In the ever-evolving landscape of cybersecurity, a threat has emerged: SnailLoad. This emerging security loophole, discovered by computer scientists, poses a significant risk to internet users worldwide by enabling covert surveillance. 

Let’s delve into the details.

Also read: Security bug enables impersonation of Microsoft employee emails: All you need to know 

Computer scientists at Graz University of Technology have found the SnailLoad loophole that could enable unauthorised surveillance of internet users’ online activities, reports Tech Times.

Also read: Alert! New ‘ClickFix’ malware tricks users with fake error fixes for Chrome & OneDrive

According to the researchers, the SnailLoad loophole bypasses traditional data protection measures such as firewalls, VPN connections, and browser privacy modes.

SnailLoad differs from traditional methods like malware or data interception by exploiting fluctuations in internet connection speeds to track users’ online actions. This method operates without deploying malicious code, making it particularly insidious. 

Researchers at the Institute of Applied Information Processing and Communication Technology (IAIK) identified that the vulnerability relies on monitoring latency variations that happen during the transfer of seemingly harmless files from attacker-controlled servers to unsuspecting victims.

Stefan Gast from IAIK explained that every online activity leaves a distinct latency pattern, akin to a unique fingerprint. Whether users interact with websites, watch videos, or engage in video calls, these activities create specific latency fluctuation patterns that reflect the content being accessed.

By analysing these patterns, attackers can reconstruct the sequence of a victim’s online actions. This technique includes gathering latency fingerprints in advance from popular websites and YouTube videos.

Another researcher involved in the study pointed out that the success rate of the SnailLoad attack can be exceptionally high, particularly in scenarios with slower internet speeds and higher data volumes. In tests, the researchers achieved accuracy rates of up to 98% in identifying activities such as video consumption, although slightly lower success rates were observed for simpler web browsing activities.

Ayushi Jain

Tech news writer by day, BGMI player by night. Combining my passion for tech and gaming to bring you the latest in both worlds.

Connect On :