A research team has discovered a new security vulnerability that could allow hackers to bypass any security measures, such as VPN tools, and spy on everyone and all internet connections.
The vulnerability, called “SnailLoad”, works by monitoring changes in the speed of a user’s Internet connection and does not require code or device access of any kind.
Researchers say this is enough to allow hackers to closely track users’ online activities.
For example, any user could be subjected to a SnailLoad attack by downloading a small, “harmless-looking” file from a hacker’s server that might be hidden inside a malicious website.
The researchers explained that this file does not contain any malicious code, so security programs may not detect it at all. However, file transfer speeds are so slow that hackers can monitor how fast users connect to the Internet, which is enough for a hack to occur as they can discover a “fingerprint” of the connection. To transfer a file, it is broken into several small parts, leaving behind a unique code that can be monitored later.
“The latency of the victim’s Internet connection fluctuates in a consistent pattern when they access a website, watch an online video, or talk to someone via video,” said Stefan Gast of Graz University of Technology, who discovered the vulnerability. The specifics vary depending on the specific content used.
Researchers behind the attack said they were able to spy on users watching videos with a success rate of up to 98%. They also explained that success rates are higher when the internet connection is slow and the video is large.
The research team published a research paper describing their findings on a dedicated website.
