idw – Informationsdienst Wissenschaft
Nachrichten, Termine, Experten
Nachrichten, Termine, Experten
Online activities can be monitored in detail simply by analysing latency fluctuations in the internet connection, researchers at Graz University of Technology have discovered. The attack works without malicious code or access to the data traffic.
Internet users leave many traces on websites and online services. Measures such as firewalls, VPN connections and browser privacy modes are in place to ensure a certain level of data protection. However, a newly discovered security loophole allows bypassing all of these protective measures: Computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) were able to track users' online activities in detail simply by monitoring fluctuations in the speed of their internet connection. No malicious code is required to exploit this vulnerability, known as "SnailLoad", and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected.
Attackers track latency fluctuations in the internet connection via file transfer
The victim only needs to have a single direct contact with the attacker - for example when visiting a website or watching a promotional video - to download an essentially harmless file unnoticed. Because this file does not contain any malicious code, it is not recognised by security software. The transfer of this file is extremely slow providing the attacker with continuous information about the latency variation of the victim's internet connection. In further steps, this information is used to reconstruct the victim's online activity.
"SnailLoad" combines latency data with fingerprinting of online content
"When the victim accesses a website, watches an online video or speaks to someone via video, the latency of the internet connection fluctuates in a specific pattern that depends on the particular content being used," says Stefan Gast from the IAIK. This is because all online content has a unique "fingerprint": for efficient transmission, online content is divided into small data packages that are sent one after the other from the host server to the user. The pattern of the number and size of these data packages is unique for each piece of online content - like a human fingerprint.
The researchers collected the fingerprints of a limited number of YouTube videos and popular websites in advance for testing purposes. When the test subjects used these videos and websites, the researchers were able to recognise this through the corresponding latency fluctuations. "However, the attack would also work the other way round," says Daniel Gruss from the IAIK: "Attackers first measure the pattern of latency fluctuations when a victim is online and then search for online content with the matching fingerprint."
Slow internet connections make it easier for attackers
When spying on test subjects who were watching videos, the researchers achieved a success rate of up to 98 per cent. "The higher the data volume of the videos and the slower the victims' internet connection, the better the success rate," says Daniel Gruss. Consequently, the success rate for spying on basic websites dropped to around 63 per cent. "However, if attackers feed their machine learning models with more data than we did in our test, these values will certainly increase," says Daniel Gruss.
Loophole virtually impossible to close
"Closing this security gap is difficult. The only option would be for providers to artificially slow down their customers' internet connections in a randomised pattern," says Daniel Gruss. However, this would lead to noticeable delays for time-critical applications such as video conferences, live streams or online computer games.
The team led by Stefan Gast and Daniel Gruss has set up a website describing SnailLoad in detail: https://www.snailload.com/
They will present the scientific paper on the loophole at the conferences Black Hat USA 2024 and USENIX Security Symposium.
Stefan GAST
B.Sc. M.Sc.
TU Graz| Institute of Applied Information Processing and Communications
Phone: +43 316 873 5583
stefan.gast@iaik.tugraz.at
Daniel GRUSS
Assoc.Prof. Dipl.-Ing. Dr.techn. BSc
TU Graz| Institute of Applied Information Processing and Communications
Phone: +43 316 873 5544
daniel.gruss@iaik.tugraz.at
https://www.tugraz.at/en/research/fields-of-expertise/information-communication-... This research is anchored in the Field of Expertise "Information, Communication & Computing", one of five strategic foci of TU Graz.
The team from the Institute of Applied Information Processing and Communications at TU Graz that dis ...
IAIK - TU Graz
The "SnailLoad" loophole is based on combining the latency of internet connections with the fingerpr ...
IAIK - TU Graz
Criteria of this press release:
Journalists, all interested persons
Information technology
transregional, national
Research results
English
You can combine search terms with and, or and/or not, e.g. Philo not logy.
You can use brackets to separate combinations from each other, e.g. (Philo not logy) or (Psycho and logy).
Coherent groups of words will be located as complete phrases if you put them into quotation marks, e.g. “Federal Republic of Germany”.
You can also use the advanced search without entering search terms. It will then follow the criteria you have selected (e.g. country or subject area).
If you have not selected any criteria in a given category, the entire category will be searched (e.g. all subject areas or all countries).
