idw – Informationsdienst Wissenschaft

Nachrichten, Termine, Experten

Grafik: idw-Logo
Grafik: idw-Logo

idw - Informationsdienst
Wissenschaft

Science Video Project
idw-Abo

idw-News App:

AppStore

Google Play Store



Instanz:
Teilen: 
24.06.2024 18:00

New Security Loophole Allows Spying on Internet Users Visiting Websites and Watching Videos

Philipp Jarke Kommunikation und Marketing
Technische Universität Graz

    Online activities can be monitored in detail simply by analysing latency fluctuations in the internet connection, researchers at Graz University of Technology have discovered. The attack works without malicious code or access to the data traffic.

    Internet users leave many traces on websites and online services. Measures such as firewalls, VPN connections and browser privacy modes are in place to ensure a certain level of data protection. However, a newly discovered security loophole allows bypassing all of these protective measures: Computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) were able to track users' online activities in detail simply by monitoring fluctuations in the speed of their internet connection. No malicious code is required to exploit this vulnerability, known as "SnailLoad", and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected.

    Attackers track latency fluctuations in the internet connection via file transfer

    The victim only needs to have a single direct contact with the attacker - for example when visiting a website or watching a promotional video - to download an essentially harmless file unnoticed. Because this file does not contain any malicious code, it is not recognised by security software. The transfer of this file is extremely slow providing the attacker with continuous information about the latency variation of the victim's internet connection. In further steps, this information is used to reconstruct the victim's online activity.

    "SnailLoad" combines latency data with fingerprinting of online content

    "When the victim accesses a website, watches an online video or speaks to someone via video, the latency of the internet connection fluctuates in a specific pattern that depends on the particular content being used," says Stefan Gast from the IAIK. This is because all online content has a unique "fingerprint": for efficient transmission, online content is divided into small data packages that are sent one after the other from the host server to the user. The pattern of the number and size of these data packages is unique for each piece of online content - like a human fingerprint.

    The researchers collected the fingerprints of a limited number of YouTube videos and popular websites in advance for testing purposes. When the test subjects used these videos and websites, the researchers were able to recognise this through the corresponding latency fluctuations. "However, the attack would also work the other way round," says Daniel Gruss from the IAIK: "Attackers first measure the pattern of latency fluctuations when a victim is online and then search for online content with the matching fingerprint."

    Slow internet connections make it easier for attackers

    When spying on test subjects who were watching videos, the researchers achieved a success rate of up to 98 per cent. "The higher the data volume of the videos and the slower the victims' internet connection, the better the success rate," says Daniel Gruss. Consequently, the success rate for spying on basic websites dropped to around 63 per cent. "However, if attackers feed their machine learning models with more data than we did in our test, these values will certainly increase," says Daniel Gruss.

    Loophole virtually impossible to close

    "Closing this security gap is difficult. The only option would be for providers to artificially slow down their customers' internet connections in a randomised pattern," says Daniel Gruss. However, this would lead to noticeable delays for time-critical applications such as video conferences, live streams or online computer games.

    The team led by Stefan Gast and Daniel Gruss has set up a website describing SnailLoad in detail: https://www.snailload.com/

    They will present the scientific paper on the loophole at the conferences Black Hat USA 2024 and USENIX Security Symposium.


    Wissenschaftliche Ansprechpartner:

    Stefan GAST
    B.Sc. M.Sc.
    TU Graz| Institute of Applied Information Processing and Communications
    Phone: +43 316 873 5583
    stefan.gast@iaik.tugraz.at

    Daniel GRUSS
    Assoc.Prof. Dipl.-Ing. Dr.techn. BSc
    TU Graz| Institute of Applied Information Processing and Communications
    Phone: +43 316 873 5544
    daniel.gruss@iaik.tugraz.at


    Weitere Informationen:

    https://www.tugraz.at/en/research/fields-of-expertise/information-communication-... This research is anchored in the Field of Expertise "Information, Communication & Computing", one of five strategic foci of TU Graz.


    Bilder

    The team from the Institute of Applied Information Processing and Communications at TU Graz that discovered and analysed the security vulnerability (from left): Fabian Rauscher, Jonas Juffinger, Stefan Gast, Simone Franza, Daniel Gruss, Roland Czerny.
    The team from the Institute of Applied Information Processing and Communications at TU Graz that dis ...

    IAIK - TU Graz

    The "SnailLoad" loophole is based on combining the latency of internet connections with the fingerprinting of online content.
    The "SnailLoad" loophole is based on combining the latency of internet connections with the fingerpr ...

    IAIK - TU Graz


    Merkmale dieser Pressemitteilung:
    Journalisten, jedermann
    Informationstechnik
    überregional
    Forschungsergebnisse
    Englisch


     

    Hilfe

    Die Suche / Erweiterte Suche im idw-Archiv
    Verknüpfungen

    Sie können Suchbegriffe mit und, oder und / oder nicht verknüpfen, z. B. Philo nicht logie.

    Klammern

    Verknüpfungen können Sie mit Klammern voneinander trennen, z. B. (Philo nicht logie) oder (Psycho und logie).

    Wortgruppen

    Zusammenhängende Worte werden als Wortgruppe gesucht, wenn Sie sie in Anführungsstriche setzen, z. B. „Bundesrepublik Deutschland“.

    Auswahlkriterien

    Die Erweiterte Suche können Sie auch nutzen, ohne Suchbegriffe einzugeben. Sie orientiert sich dann an den Kriterien, die Sie ausgewählt haben (z. B. nach dem Land oder dem Sachgebiet).

    Haben Sie in einer Kategorie kein Kriterium ausgewählt, wird die gesamte Kategorie durchsucht (z.B. alle Sachgebiete oder alle Länder).