Network Security, Threat Intelligence

New SnailLoad side-channel attack detailed

Wireless network and connection abstract data background with wifi symbol

SecurityWeek reports that website and content inferencing could be remotely conducted by threat actors without direct network traffic access via the new SnailLoad side-channel attack technique.

Several latency measurements for websites and YouTube videos viewed by targets are being conducted by threat actors to establish digital fingerprints before luring targets to download files from a malicious server, according to a report from Austria's Graz University of Technology, which will be presented at the Black Hat USA 2024 cybersecurity conference. Such content is slowly loaded by the server to enable continued tracking of connection latency, with threat actors potentially using a convolutional neural network for content inferencing. "The main threat here is that any TCP server can stealthily obtain latency traces from any clients connecting to it," said researcher Stefan Gast. However, SnailLoad may not have been actively exploited yet due to the challenges that could affect its accuracy, researchers said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.