Researchers discover method to spy on users without malware or viruses

A group of researchers has discovered a method that can be used to spy on online users without using malware or viruses. The attack allows the hacker to monitor the victim’s activity and discover visited websites and videos.

The technology poses a serious threat to privacy on the internet and can bypass all currently known security tools.

The new type of attack or security breach was discovered by scientists at the Institute of Applied Information Processing and Communication Technologies (IAIK) at the Graz University of Technology (TU Graz).

The method, called “SnailLoad,” is immune to firewalls, VPNs, and privacy modes in browsers and can be used on any device and connection type.

Its name comes from the Portuguese word “snail”, which means slug. SnailLoad would be something like “lazy loading”.

Essentially, the attack consists of monitoring the victim’s connection speed change to identify data transmission patterns.

How does the SnailLoad attack work?

The attack occurs by downloading any file hosted on the hacker’s server. This can be done by simply accessing a web page. There is no need for malware.

The file (image, ad, etc.) begins to download with an extremely slow transfer (“slug”), allowing monitoring of latency changes in the connection.

Researchers collected data transfer patterns from various popular websites and YouTube videos. Content could be detected when test participants accessed the same websites and videos. This is possible because all online communication uses unique standards for the transmission of packets.

The scientists were able to identify 98% of the videos and 63% of the websites the volunteers accessed. The heavier the file and the slower the connection, the higher the throughput rate. However, they said they use a limited amount of data. If machine learning models are fed with sufficient information, the detection rate increases.

Currently, the only way to prevent such attacks would be for internet providers to randomly reduce customers’ connection speeds, the researchers said. However, this strategy can lead to performance losses in various services such as video conferencing, live streaming and online games.