New Security Loophole Allows Spying on Internet Users

The "SnailLoad" loophole is based on combining the latency of internet connections with the fingerprinting of online content.
(c) IAIK - TU Graz

… Visiting Websites and Watching Videos.

Online activities can be monitored in detail simply by analysing latency fluctuations in the internet connection, researchers at Graz University of Technology have discovered. The attack works without malicious code or access to the data traffic.

The team from the Institute of Applied Information Processing and Communications at TU Graz that discovered and analysed the security vulnerability (from left): Fabian Rauscher, Jonas Juffinger, Stefan Gast, Simone Franza, Daniel Gruss, Roland Czerny.
The team from the Institute of Applied Information Processing and Communications at TU Graz that discovered and analysed the security vulnerability (from left): Fabian Rauscher, Jonas Juffinger, Stefan Gast, Simone Franza, Daniel Gruss, Roland Czerny. (c) IAIK – TU Graz

Internet users leave many traces on websites and online services. Measures such as firewalls, VPN connections and browser privacy modes are in place to ensure a certain level of data protection. However, a newly discovered security loophole allows bypassing all of these protective measures: Computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) were able to track users’ online activities in detail simply by monitoring fluctuations in the speed of their internet connection. No malicious code is required to exploit this vulnerability, known as “SnailLoad”, and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected.

Attackers track latency fluctuations in the internet connection via file transfer

The victim only needs to have a single direct contact with the attacker – for example when visiting a website or watching a promotional video – to download an essentially harmless file unnoticed. Because this file does not contain any malicious code, it is not recognised by security software. The transfer of this file is extremely slow providing the attacker with continuous information about the latency variation of the victim’s internet connection. In further steps, this information is used to reconstruct the victim’s online activity.

“SnailLoad” combines latency data with fingerprinting of online content

“When the victim accesses a website, watches an online video or speaks to someone via video, the latency of the internet connection fluctuates in a specific pattern that depends on the particular content being used,” says Stefan Gast from the IAIK. This is because all online content has a unique “fingerprint”: for efficient transmission, online content is divided into small data packages that are sent one after the other from the host server to the user. The pattern of the number and size of these data packages is unique for each piece of online content – like a human fingerprint.

The researchers collected the fingerprints of a limited number of YouTube videos and popular websites in advance for testing purposes. When the test subjects used these videos and websites, the researchers were able to recognise this through the corresponding latency fluctuations. “However, the attack would also work the other way round,” says Daniel Gruss from the IAIK: “Attackers first measure the pattern of latency fluctuations when a victim is online and then search for online content with the matching fingerprint.”

Slow internet connections make it easier for attackers

When spying on test subjects who were watching videos, the researchers achieved a success rate of up to 98 per cent. “The higher the data volume of the videos and the slower the victims’ internet connection, the better the success rate,” says Daniel Gruss. Consequently, the success rate for spying on basic websites dropped to around 63 per cent. “However, if attackers feed their machine learning models with more data than we did in our test, these values will certainly increase,” says Daniel Gruss.

Loophole virtually impossible to close

“Closing this security gap is difficult. The only option would be for providers to artificially slow down their customers’ internet connections in a randomised pattern,” says Daniel Gruss. However, this would lead to noticeable delays for time-critical applications such as video conferences, live streams or online computer games.

The team led by Stefan Gast and Daniel Gruss has set up a website describing SnailLoad in detail: https://www.snailload.com/

They will present the scientific paper on the loophole at the conferences Black Hat USA 2024 and USENIX Security Symposium.

Wissenschaftliche Ansprechpartner:

Stefan GAST
B.Sc. M.Sc.
TU Graz| Institute of Applied Information Processing and Communications
Phone: +43 316 873 5583
stefan.gast@iaik.tugraz.at

Daniel GRUSS
Assoc.Prof. Dipl.-Ing. Dr.techn. BSc
TU Graz| Institute of Applied Information Processing and Communications
Phone: +43 316 873 5544
daniel.gruss@iaik.tugraz.at

Weitere Informationen:

https://www.tugraz.at/en/research/fields-of-expertise/information-communication-… This research is anchored in the Field of Expertise “Information, Communication & Computing”, one of five strategic foci of TU Graz.

Media Contact

Philipp Jarke Kommunikation und Marketing
Technische Universität Graz

All latest news from the category: Information Technology

Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.

This area covers topics such as IT services, IT architectures, IT management and telecommunications.

Back to home

Comments (0)

Write a comment

Newest articles

NASA: Mystery of life’s handedness deepens

The mystery of why life uses molecules with specific orientations has deepened with a NASA-funded discovery that RNA — a key molecule thought to have potentially held the instructions for…

What are the effects of historic lithium mining on water quality?

Study reveals low levels of common contaminants but high levels of other elements in waters associated with an abandoned lithium mine. Lithium ore and mining waste from a historic lithium…

Quantum-inspired design boosts efficiency of heat-to-electricity conversion

Rice engineers take unconventional route to improving thermophotovoltaic systems. Researchers at Rice University have found a new way to improve a key element of thermophotovoltaic (TPV) systems, which convert heat…