A team of researchers has uncovered a new security vulnerability that could allow hackers to spy on anyone and every internet connection, bypassing all security measures, such as VPN tools.
The vulnerability, called "SnailLoad," works by monitoring changes in the speed of a user's Internet connection, and does not require any type of code or access to the device.
Researchers say this is enough to allow hackers to track users' online activity in detail.
Any user can be affected by a SnailLoad attack by downloading a small, seemingly “harmless” file from the hacker’s server, which may be hidden inside a malicious website, for example.
The research team explained that this file does not contain malicious code, which means that security programs may not detect it at all. But the file transfer is very slow, which allows hackers to monitor how quickly the user is connecting to the Internet, and this is enough for a hack to occur, as it allows the discovery of the “fingerprint” of the connection: to transfer the file, it is divided into a number of small parts, leaving behind a unique code that can be monitored later.
“When a victim accesses a website, watches an online video, or talks to someone via video, the latency of the Internet connection fluctuates in a pattern,” said Stefan Gast of Graz University of Technology in Austria, where the team that discovered the vulnerability is based. Specific depends on the specific content used.
The researchers behind the attack said they were able to spy on users watching videos with a success rate of up to 98%. They also explained that the success rate was greater if Internet connections were slow and the videos were large.
The team published a research paper describing the findings on a dedicated website .
Worrying!
ReplyDelete