How 'SnailLoad' That Slows Internet Speed Allows Hackers To Know What Videos People Watch


In the earlier days of the internet, people had to download videos to watch them because the slow speed of the internet didn't support streaming.

But fast forward to the modern days of the internet, videos of various formats and resolutions can be played on various devices, and that people aren't limited to just their computers or mobile phones.

The main thing that allows this to happen, is the speed of the internet, which significantly increased the amount of data that can be delivered in any given moment.

Based on this fact, researchers managed to find a way to spy on whatever people are streaming, using a technique called 'SnailLoad'.

Just like what the name suggests, the technique slows down the internet speed, in order to determine the video a target is watching.

And here, the technique has a success rate of an astonishing 90%.

The attack setup for SnailLoad.

On a website created by the security researchers at Graz University of Technology, it's said that:

"SnailLoad exploits a bottleneck present on all Internet connections. This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else's Internet connection. An attacker can use this information to infer websites a user visits or videos a user watches."

The technique essentially allows the spying of any user, device, or internet connection.

Revealed the security researchers, SnailLoad can also identify the websites being visited, although with a lower success rate of 63%.

In their paper, titled SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript, the researchers explain how this unique and novel eavesdropping method works without using malware, person-in the-middle attack, or anything.

The technique doesn't even require the attacker to be in close physical proximity with the target to monitor Wi-Fi packets.

Instead, SnailLoad ingeniously exploits bandwidth bottlenecks in the proximity of the device people are using.

According to the researchers, internet data is sent in packets, and that SnailLoad essentially scans for "subtle variations in the round-trip times of network packets."

Confusion matrices for YouTube video fingerprinting on 10 internet connections.

In order to do this, all the attackers have to do to launch this particular video-fingerprinting attack, is to get the target to download a small file, which can be anything.

From a simple online advertising, font or image, or files of other formats. Any file should work.

In fact, the technique uses only 400 B/s of network traffic.

When a target downloads the file, SnailLoad will measure the latency, the changes in the speed of an internet connection, to deduce the activity the target is engaged in.

Here, speed is the key, or rather slowness of the speed.

The amount of time that file is downloaded from a server using a slow connection can show a latency pattern that can be monitored.

And what makes this SnailLoad worrisome, is the fact that there is no easy fix.

Adding noise on the connection lets the fingerprinting accuracy to deteriorate significantly.

The researchers said that the only known way to mitigate this is by degrading internet connection speed through the addition of ‘noise’.

"Apart from being slow,” the researchers said, “SnailLoad, just like a snail, leaves traces and is a little bit creepy," the researchers said.

But nevertheless, people should not be concerned because at least at this time, SnailLoad has only been released in the lab, and that the researchers only tested it with just a few internet connections.

At this time, it is unlikely that SnailLoad is exploited in the wild.