Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Privacy The Internet

New SnailLoad Attack Exploits Network Latency To Spy On Users' Web Activities (thehackernews.com) 13

Posted by BeauHD from the invisible-threats dept.
Longtime Slashdot reader Artem S. Tashkinov shares a report from The Hacker News: A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study released this week. "This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches." A defining characteristic of the approach is that it obviates the need for carrying out an adversary-in-the-middle (AitM) attack or being in physical proximity to the Wi-Fi connection to sniff network traffic. Specifically, it entails tricking a target into loading a harmless asset (e.g., a file, an image, or an ad) from a threat actor-controlled server, which then exploits the victim's network latency as a side channel to determine online activities on the victim system.

To perform such a fingerprinting attack and glean what video or a website a user might be watching or visiting, the attacker conducts a series of latency measurements of the victim's network connection as the content is being downloaded from the server while they are browsing or viewing. It then involves a post-processing phase that employs a convolutional neural network (CNN) trained with traces from an identical network setup to make the inference with an accuracy of up to 98% for videos and 63% for websites. In other words, due to the network bottleneck on the victim's side, the adversary can deduce the transmitted amount of data by measuring the packet round trip time (RTT). The RTT traces are unique per video and can be used to classify the video watched by the victim. The attack is so named because the attacking server transmits the file at a snail's pace in order to monitor the connection latency over an extended period of time.
This discussion has been archived. No new comments can be posted.

New SnailLoad Attack Exploits Network Latency To Spy On Users' Web Activities More

New SnailLoad Attack Exploits Network Latency To Spy On Users' Web Activities

Comments Filter:

  • Just curious, is the current legal system prepared to help me “infer” horrific amounts of questionable traffic upon someone with little more than a cool sounding network butt-sniffing tool that can pin a traffic “fingerprint” like a tail on the donkey? Asking for a victi, er I mean random friend working for the competition..

    • Re: (Score:3)

      by gweihir ( 88907 )

      I don't think this will be very reliable. I just had two students look at website fingerprinting on encrypted traffic and they had to massively limit the target website set to get anything. Also, this requires the victim to stream a video pretty smoothly, hence from a larger provider.

  • to create a good finger print. I assume these people are using TCP with a window of 1 and then just measuring the latency of the acks. I'm not sure how they would filter the noise from someone else close to me, or close to them downloading a file or what happens if I download multiple files at a time. I've done finger printing based on some fairly coarse and noisy electrical usage. Figuring out the large loads in someone's home was easy and mostly accurate but even more scary was how unique each customers usage was and yet how consistent it was per customer.

  • Probably useless (Score:4, Interesting)

    by locater16 ( 2326718 ) on Friday July 05, 2024 @11:17PM (#64604405)
    This sound useless, the latency timing of packets is two dimensional, timing and bandwidth. Training a neural network to recognize a tiny sample size would have it working well, 50 different videos would no doubt have differing enough latency timings to identify them well. Training it to work on more and more videos, more and more sites, which could easily break by their datacenters moving around and the data itself getting shuffled around in storage priority, would no doubt break this entire technique completely. There's no way you can infer billions of website or billions of videos just from latency timing.

    • ... traces from an identical network ...

      Unfortunately, humans are easily confused by random variation, it's why we have statistics. But people are remarkably consistent over the short-term: That allows this method to work. Although, as you realize, as the file count increases, the cost of identifying individual files, increases faster.

      This will work as a honey-trap, not so much as follow-everyone surveillance.

      • Re: (Score:2)

        by gweihir ( 88907 )

        This will work as a honey-trap, not so much as follow-everyone surveillance.

        My take as well. Email a link to the victim and find whether they are looking at a video on that page.

  • Just asking for a friend.

Slashdot Top Deals

"We want to create puppets that pull their own strings." -- Ann Marion "Would this make them Marionettes?" -- Jeff Daiell

Close