PRESS-NEWS.org - Press Release Distribution
PRESS RELEASES DISTRIBUTION

New security loophole allows spying on internet users visiting websites and watching videos

Online activities can be monitored in detail simply by analysing latency fluctuations in the internet connection, researchers at Graz University of Technology have discovered. The attack works without malicious code or access to the data traffic.

New security loophole allows spying on internet users visiting websites and watching videos
2024-06-24
(Press-News.org) Internet users leave many traces on websites and online services. Measures such as firewalls, VPN connections and browser privacy modes are in place to ensure a certain level of data protection. However, a newly discovered security loophole allows bypassing all of these protective measures: Computer scientists from the Institute of Applied Information Processing and Communication Technology (IAIK) at Graz University of Technology (TU Graz) were able to track users' online activities in detail simply by monitoring fluctuations in the speed of their internet connection. No malicious code is required to exploit this vulnerability, known as "SnailLoad", and the data traffic does not need to be intercepted. All types of end devices and internet connections are affected.

Attackers track latency fluctuations in the internet connection via file transfer Attackers only need to have had direct contact with the victim on a single occasion beforehand. On that occasion, the victim downloads a basically harmless, small file from the attacker's server without realising it - for example while visiting a website or watching an advertising video. As this file does not contain any malicious code, it cannot be recognised by security software. The transfer of this file is extremely slow providing the attacker with continuous information about the latency variation of the victim's internet connection. In further steps, this information is used to reconstruct the victim's online activity.

"SnailLoad" combines latency data with fingerprinting of online content "When the victim accesses a website, watches an online video or speaks to someone via video, the latency of the internet connection fluctuates in a specific pattern that depends on the particular content being used," says Stefan Gast from the IAIK. This is because all online content has a unique "fingerprint": for efficient transmission, online content is divided into small data packages that are sent one after the other from the host server to the user. The pattern of the number and size of these data packages is unique for each piece of online content - like a human fingerprint.

The researchers collected the fingerprints of a limited number of YouTube videos and popular websites in advance for testing purposes. When the test subjects used these videos and websites, the researchers were able to recognise this through the corresponding latency fluctuations. "However, the attack would also work the other way round," says Daniel Gruss from the IAIK: "Attackers first measure the pattern of latency fluctuations when a victim is online and then search for online content with the matching fingerprint."

Slow internet connections make it easier for attackers When spying on test subjects who were watching videos, the researchers achieved a success rate of up to 98 per cent. "The higher the data volume of the videos and the slower the victims' internet connection, the better the success rate," says Daniel Gruss. Consequently, the success rate for spying on basic websites dropped to around 63 per cent. "However, if attackers feed their machine learning models with more data than we did in our test, these values will certainly increase," says Daniel Gruss.

Loophole virtually impossible to close "Closing this security gap is difficult. The only option would be for providers to artificially slow down their customers' internet connections in a randomised pattern," says Daniel Gruss. However, this would lead to noticeable delays for time-critical applications such as video conferences, live streams or online computer games.

The team led by Stefan Gast and Daniel Gruss has set up a website describing SnailLoad in detail. They will present the scientific paper on the loophole at the conferences Black Hat USA 2024 and USENIX Security Symposium.

This research is anchored in the Field of Expertise "Information, Communication & Computing", one of five strategic foci of TU Graz.

END

[Attachments] See images for this press release:
New security loophole allows spying on internet users visiting websites and watching videos New security loophole allows spying on internet users visiting websites and watching videos 2

ELSE PRESS RELEASES FROM THIS DATE:

Comparison of no-test telehealth and in-person medication abortion

2024-06-24
About The Study: This prospective, observational study found that medication abortion obtained following no-test telehealth screening and mailing of medications was associated with similar rates of complete abortion compared with in-person care with ultrasonography and met prespecified criteria for noninferiority, with a low prevalence of adverse events. Quote from corresponding author Lauren J. Ralph, Ph.D., M.P.H.: “This is a prospective, observational study comparing patients who received medication abortion care remotely and without ultrasound to those who went in person to a facility and got an ultrasound. Using data from patient surveys and their medical record, we found ...

3D maps of diseased tissues at subcellular precision

3D maps of diseased tissues at subcellular precision
2024-06-24
An open-source platform developed by researchers in Nikolaus Rajewsky’s lab at the Max Delbrück Center creates molecular maps from patient tissue samples with subcellular precision, enabling detailed study and potentially enhancing routine clinical pathology. The study was published in “Cell.” Researchers in the Systems Biology Lab of Professor Nikolaus Rajewsky have developed a spatial transcriptomics platform, called Open-ST, that enables scientists to reconstruct gene expression in cells within a tissue in three ...

Estimated effectiveness of Pfizer-BioNTech vaccine against COVID-19

2024-06-24
About The Study: The findings of this case-control study reaffirm current recommendations for broad age-based use of annually updated COVID-19 vaccines given that (1) the BNT162b2 XBB vaccine (Pfizer-BioNTech; 2023-2024 formulation) provided statistically significant additional protection against a range of COVID-19 outcomes and (2) older versions of COVID-19 vaccines offered little, if any, long-term protection, including against hospital admission, regardless of the number or type of prior doses received.   Corresponding Author: To contact the ...

New study shows medication abortion without ultrasound to be safe

2024-06-24
Researchers compared patients who received care remotely to those who got ultrasounds and found no differences in outcomes.    Medication abortion patients who receive pills by mail without first getting an ultrasound do just as well as those who are examined and given the drugs in person, new research from UC San Francisco has found.    The study, which appears June 24 in JAMA, adds to evidence from UCSF’s Advancing New Standards in Reproductive Health (ANSIRH) program that using telehealth for medication abortion is safe and effective.     Although the ...

New approach accurately identifies medications most toxic to the liver

2024-06-24
The current method for assessing medication-related liver injury is not providing an accurate picture of some medications’ toxicity—or lack thereof—to the liver, according to a new study led by researchers from the Perelman School of Medicine at the University of Pennsylvania. Classification of a medication’s potential to damage the liver, termed “hepatotoxicity,” has been historically determined by counting individual reported cases of acute liver injury (ALI). Instead, the researchers used real-world health care data to measure rates of ALI within a population and uncovered that some medications’ levels of danger to the liver ...

Study reveals new opportunities to develop cancer treatments

2024-06-24
Researchers at Baylor College of Medicine and collaborating institutions have uncovered new potential therapeutic targets for cancer and new insights into existing cancer drug targets, expanding the breadth of possibilities for treating this disease. Using a comprehensive approach that included integrating proteomics, genomics and epigenomics data from 10 cancer types, the team identified protein and small protein or peptide targets in cancer tissues and validated many of them experimentally as promising candidates for therapeutic strategies. The study appeared in Cell. “Experience ...

Bezos Center for Sustainable Protein launches at Imperial with $30M funding

Bezos Center for Sustainable Protein launches at Imperial with $30M funding
2024-06-24
Bezos Earth Fund grant establishes new Centre at Imperial to transform global food systems from environmentally damaging to innovative by creating sustainable solutions. Imperial’s Bezos Centre for Sustainable Protein, launched today, will develop innovative and evidence-based solutions through the design, delivery, and commercialisation of alternative food products that are economically and environmentally friendly, nutritious, affordable, and tasty. The Centre, spanning across seven Imperial academic departments, will advance research into precision fermentation, cultivated meat, bioprocessing and automation, ...

Star clusters observed within a galaxy in the early Universe for the first time

Star clusters observed within a galaxy in the early Universe for the first time
2024-06-24
The history of how stars and galaxies came to be and evolved into the present day remains among the most challenging astrophysical questions to solve yet, but new research brings us closer to understanding it. In a new study by an international team led by Dr. Angela Adamo at Stockholm University, new insights about young galaxies during the Epoch of Reionization have been revealed. Observations with the James Webb Space Telescope (JWST) of the galaxy Cosmic Gems arc (SPT0615-JD) have confirmed that the light of the galaxy was emitted 460 million years after ...

How much oxygen do very premature babies need after birth?

2024-06-24
Giving very premature babies high concentrations of oxygen soon after birth may reduce the risk of death by 50 percent, compared to lower levels of oxygen says new research led by University of Sydney researchers. When premature babies are born, they sometimes need help breathing because their lungs haven’t finished developing. To help babies during this process, doctors may give them extra oxygen through a breathing mask or breathing tube. The study, published in JAMA Pediatrics, examined clinical trial data and outcomes of ...

Trial offers hope for cheaper, more tolerable, ketamine treatment

2024-06-24
For those suffering from treatment-resistant depression, the anaesthetic drug ketamine offers hope, but it has side effects and can be costly to access – a University of Otago-led clinical trial may change that.   Working in collaboration with New Zealand’s Douglas Pharmaceuticals, researchers have conducted a trial of ketamine in an extended-release tablet form.   The study, published in prestigious international journal Nature Medicine, involved 168 adults for whom regular anti-depressant therapy ...

LAST 30 PRESS RELEASES:

How climate change threatens this iconic Florida bird

Study reveals new factor involved in controlling calorie expenditure

Managing forests with smart technologies

Clinical trial finds that adding the chemotherapy pill temozolomide to radiation therapy improves survival in adult patients with a slow-growing type of brain tumor

H.E.S.S. collaboration detects the most energetic cosmic-ray electrons and positrons ever observed

Novel supernova observations grant astronomers a peek into the cosmic past

Association of severe maternal morbidity with subsequent birth

Herodotus' theory on Armenian origins debunked by first whole-genome study

Women who suffer pregnancy complications have fewer children

Home testing kits and coordinated outreach substantially improve colorectal cancer screening rates

COVID-19 vaccine reactogenicity among young children

Generalizability of clinical trials of novel weight loss medications to the US adult population

Wildfire smoke exposure and incident dementia

Health co-benefits of China's carbon neutrality policies highlighted in new review

Key brain circuit for female sexual rejection uncovered

Electrical nerve stimulation eases long COVID pain and fatigue

ASTRO issues update to clinical guideline on radiation therapy for rectal cancer

Mount Sinai opens the Hamilton and Amabel James Center for Artificial Intelligence and Human Health to transform health care by spearheading the AI revolution

Researchers develop tools to examine neighborhood economic effects on spinal cord injury outcomes

Case Western Reserve University awarded $1.5 million to study vaginal bacterial linked to serious health risks

The next evolution of AI begins with ours

Using sunlight to recycle black plastics

ODS FeCrAl alloys endure liquid metal flow at 600 °C resembling a fusion blanket environment

A genetic key to understanding mitochondrial DNA depletion syndrome

The future of edge AI: Dye-sensitized solar cell-based synaptic device

Bats’ amazing plan B for when they can’t hear

Common thyroid medicine linked to bone loss

Vaping causes immediate effects on vascular function

A new clock to structure sleep

Study reveals new way to unlock blood-brain barrier, potentially opening doors to treat brain and nerve diseases

[Press-News.org] New security loophole allows spying on internet users visiting websites and watching videos
Online activities can be monitored in detail simply by analysing latency fluctuations in the internet connection, researchers at Graz University of Technology have discovered. The attack works without malicious code or access to the data traffic.