SnailLoad: Anyone on the Internet Can Learn What You're Doing

In this talk, we present the first remote attack to infer network activity that requires no person-in-the-middle attack scenario. Our attack is based on the discovery that the remotely measurable network packet latency carries a significant amount of side-channel information tied to the activities on the victim system. In contrast to previous person-in-the-middle attacks, we have neither a malicious proxy nor access to the local (wireless) network. Instead, our attack works from any arbitrary Internet user to any other arbitrary Internet user if network interaction can be initiated (e.g., through pings or through a background download). We present an end-to-end attack where the victim loads an asset, e.g., a file or an image, from an attacker-controlled server. While the file or image is benign and possibly signed (e.g., in a package repository), the attacker can still use this connection to spy on the network activity on the victim system from the latency variations. We present a no-person-in-the-middle video-fingerprinting attack, where we use a single SnailLoad trace to infer what video (out of a set of videos) a victim user is watching momentarily. SnailLoad marks a significant step ahead to more passive and less interactive fully remote attacks across the Internet. We discuss how future developments will influence the next generation of fully remote attacks. By: Daniel Gruss | InfoSec Professor, Graz University of Technology Stefan Gast | InfoSec Researcher, Graz University of Technology Full Abstract and Presentation Materials: https://ift.tt/LVpyHhT

source https://www.youtube.com/watch?v=YcldiAW6knk