Recent Cyber Attack Causes Internet Slowdown to Monitor Video Viewing Habits
Researchers from Graz University of Technology have unveiled a new method for monitoring user activity, devices, and internet connections. Dubbed SnailLoad, this technique can accurately identify the videos a person is watching with up to a 98% success rate and discern visited websites with a success rate of 63%. Alarmingly, the only known mitigation involves deliberately slowing down internet speeds by adding ‘noise’.
SnailLoad operates as a side-channel privacy attack, as detailed in the paper titled “SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript” authored by Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza, and Daniel Gruss. Unlike traditional methods that require malware installation or man-in-the-middle network traffic observation, SnailLoad exploits subtle variations in network packet round-trip times near the victim’s device. Essentially, by inducing the user to download a small file—such as an advertisement, font, or image—the attacker can monitor latency changes caused by the user’s activity. This method derives its name from the slow-paced file download resembling a snail’s movement.
The implications are concerning, given that SnailLoad operates passively and remotely, capable of deducing a user’s video watching habits or website visits with notable accuracy. Unfortunately, mitigating this threat requires introducing internet connection degradation to mask activity, which is impractical for most users. The researchers acknowledge the complexity of addressing the root cause and call for further research to develop effective solutions.
As of now, SnailLoad remains a laboratory-based threat without reported real-world exploitation. The researchers note the limited sample size used in their study and believe widespread deployment of SnailLoad is currently unlikely. However, the need for vigilance and ongoing research persists to safeguard against potential future threats.