Researchers shared insights about a new attack strategy that exposes users’ activities to snoopers. Identified as a “Snailload attack,” the technique works by exploiting the network latency following a bottleneck on internet connections.
Snailload Attack Exploits Network Latency
A team of researchers from the Graz University of Technology has devised a new side-channel attack that exposes users’ online activities. Naming it the Snailload attack, the researchers demonstrated how an adversary could exploit network latency to spy on users.
Interfering with internet connections usually requires the attacker to launch MiTM attacks or sniff WiFi packets by being physically present within the network’s proximity. However, while serving the same purpose, Snailload is different in that it requires neither code execution nor physical access to the target network.
As explained, a bottleneck in internet connections exists, particularly between the users’ devices and the ISPs, which affects network latency. (The subsequent connection from the ISP to the corresponding server, e.g., a website, is usually faster.) The Snailload side-channel attack exploits this bottleneck, allowing the attacker to access data packets from the bottleneck without malware execution or WiFi sniffing.
In this attack, the victim unknowingly downloads a file (an image, a video, etc.) from the attacker’s server, as the attack masks the file or video download. Because the attacker sends the file gradually, the attacker can exploit the bottleneck and measure the network latency to learn which video is being watched. Since the file is sent to the victim at a very slow speed (a snail’s pace) and leaves traces, the researchers have named it “Snailload”.
The researchers have shared the technical details about the entire attack strategy in their research paper. They have also shared a demo on a dedicated website alongside releasing the example server on GitHub.
Limitations And Countermeasures
As demonstrated, Snailload is a precise remote side-channel attack that doesn’t require the attacker to rely on the victim machine’s hardware or execute code. Its passive traffic analysis style makes Snailload applicable against every network-connected machine.
However, the attack has some limitations despite all its effectiveness for packet tracing. The most notable limitation is that it typically works on TCP connections where measuring network latency becomes feasible.
As for countermeasures, Snailload is affected by noise, which can serve as a mitigation. But adding noise may also be inconvenient for the user. Besides, Snailload requires the target network to have higher bandwidth at the backbone infrastructure than on the user’s connection to effectively create the bottleneck.
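A toy model of why latency at the bottleneck tracks the user's activity, and of the noise trade-off described above. It is an added illustration, not code from the researchers' paper or example server. The link rate, burst rate, on/off download pattern and the choice to model noise as random extra delay are all assumptions.

```python
import random

LINK_BYTES_PER_MS = 1250    # assumed 10 Mbit/s last-mile link (the bottleneck)
BURST_BYTES_PER_MS = 1500   # assumed rate at which the faster backbone delivers data

def victim_activity(total_ms):
    """Constructed workload: 300 ms of download at the start of every second."""
    return [1 if t % 1000 < 300 else 0 for t in range(total_ms)]

def probe_delays(activity, jitter_ms=0.0, seed=1):
    """Delay (ms) of a tiny probe packet crossing the bottleneck each millisecond."""
    rng = random.Random(seed)
    backlog = 0.0                       # bytes waiting in the bottleneck queue
    delays = []
    for active in activity:
        backlog += active * BURST_BYTES_PER_MS            # user's traffic arrives
        backlog = max(0.0, backlog - LINK_BYTES_PER_MS)   # link drains one slot
        noise = rng.uniform(0, jitter_ms)                 # assumed noise: random delay
        delays.append(backlog / LINK_BYTES_PER_MS + noise)
    return delays

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def leakage(jitter_ms, total_ms=20000):
    """How strongly the observed delay correlates with the user's activity."""
    activity = victim_activity(total_ms)
    return pearson(activity, probe_delays(activity, jitter_ms))

if __name__ == "__main__":
    for jitter in (0, 50, 200):
        # Mean added latency is jitter/2: the cost the user pays for the noise.
        print(f"jitter 0-{jitter} ms: correlation {leakage(jitter):.2f}, "
              f"mean added delay {jitter / 2:.0f} ms")
```

In this model the correlation falls as the jitter range grows, while the average latency added to every packet rises with it, which is the inconvenience the countermeasure carries.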