New security loophole that enables spying on internet users

/in


HIGHLIGHTS

Computer scientists have found a new security loophole called SnailLoad.

SnailLoad could enable unauthorised surveillance of internet users’ online activities

This loophole bypasses traditional data protection measures such as firewalls, VPN connections, and browser privacy modes.

In the ever-evolving landscape of cybersecurity, a threat has emerged: SnailLoad. This emerging security loophole, discovered by computer scientists, poses a significant risk to internet users worldwide by enabling covert surveillance. 

Let’s delve into the details.

Also read: Security bug enables impersonation of Microsoft employee emails: All you need to know 

Computer scientists at Graz University of Technology have found the SnailLoad loophole that could enable unauthorised surveillance of internet users’ online activities, reports Tech Times.

Also read: Alert! New ‘ClickFix’ malware tricks users with fake error fixes for Chrome & OneDrive

According to the researchers, the SnailLoad loophole bypasses traditional data protection measures such as firewalls, VPN connections, and browser privacy modes.

SnailLoad differs from traditional methods like malware or data interception by exploiting fluctuations in internet connection speeds to track users’ online actions. This method operates without deploying malicious code, making it particularly insidious. 

Researchers at the Institute of Applied Information Processing and Communication Technology (IAIK) identified that the vulnerability relies on monitoring latency variations that happen during the transfer of seemingly harmless files from attacker-controlled servers to unsuspecting victims.

Stefan Gast from IAIK explained that every online activity leaves a distinct latency pattern, akin to a unique fingerprint. Whether users interact with websites, watch videos, or engage in video calls, these activities create specific latency fluctuation patterns that reflect the content being accessed.

By analysing these patterns, attackers can reconstruct the sequence of a victim’s online actions. This technique includes gathering latency fingerprints in advance from popular websites and YouTube videos.

Another researcher involved in…

Source…