Researchers from Graz University of Technology have discovered SnailLoad, a novel side-channel attack that exploits network latency to infer user activities such as website visits and video watching.
By leveraging latency variations caused by bandwidth bottlenecks, the attack can discern details of user interactions on the internet. It should be noted that the attack is feasible without requiring compromise or code execution on the victim's machine.
The researchers evaluated the attack on various internet connection types, including ADSL, FTTH, and LTE, with F1 scores ranging from 37% to 98%. Their experiments showed that SnailLoad could achieve up to 98% accuracy in identifying specific YouTube videos watched by a user.
SnailLoad mechanism and impact
The SnailLoad attack takes advantage of the difference in bandwidth between the fast internet connection of a server and the slower last-mile connection of a user. The key steps in the attack are:
- Setup: The victim connects to an attacker-controlled server.
- Latency measurement: The attacker sends packets to the victim's connection. If the connection is busy (e.g., streaming a video), these packets are delayed.
- Inference: By analyzing the packet delays, the attacker can infer the victim's activity, such as which website is being visited or what video is being watched.
Most internet connections are potentially vulnerable to SnailLoad due to inherent bandwidth bottlenecks near the user's end of the connection. The attack does not require the victim to interact with malicious code or scripts, making it a stealthy and remote threat. The effectiveness of the attack is amplified by the unique latency patterns created by different activities, such as streaming videos or browsing specific websites.
Mitigating SnailLoad is challenging because it exploits fundamental network characteristics. However, adding random noise to network traffic can help obscure latency patterns and reduce the attack's accuracy. Users can also limit the exposure by being cautious about the background applications that maintain constant network connections.
The Graz University of Technology researchers have shared the code for a SnailLoad demo webserver on GitHub, while the full technical details about this new side-channel attack are available on this paper.
Users can also generate a sample network latency fingerprint for themselves on the project's demo page, which measures and graphs live latency in the user's network traffic.
Leave a Reply