[Cyware] Exploiting Remote Network Latency Measurements without JavaScript

Summary: This content discusses the SnailLoad bug and its potential impact on internet connections.

Threat Actor: SnailLoad
Victim: Internet connections

Key Points:

  • Most internet connections are affected by the SnailLoad bug, which exploits bandwidth bottlenecks close to the device.
  • A video-fingerprinting attack using SnailLoad has been tested on 10 home internet connections, showing varying accuracies between 37% and 98%.
  • Even if a router does not respond to pings, it is not safe from the SnailLoad bug as TCP ACKs carry the same information.
  • Disabling TCP ACKs is not possible as they are fundamental for reliable data transmission via TCP.

Am I affected by this bug? Should I worry?

We believe that most Internet connections are affected. However, at this time it is unlikely that SnailLoad is exploited in the wild.
SnailLoad exploits bandwidth bottlenecks close to your device.
Typically, the bandwidth bottleneck is your personal internet connection, as it has a much lower bandwidth than backbone infrastructure.
Our user study with 10 home internet connections shows that our video-fingerprinting attack works on all of the tested connections, with varying accuracies between 37% and 98%.

My router does not respond to pings, am I safe?

No, because TCP ACKs carry the same information.

Why can’t we disable TCP ACKs?

ACKs are fundamental for reliable data transmission via TCP.
When transmitting TCP packets, the sender expects the receiver to send ACKs to confirm that the packet arrived.
This ensures that packets are retransmitted if they are lost.
Removing the ACK mechanism from the TCP protocol would effectively remove its reliability guarantee and hence its core feature.
Apart from that, changing the behavior of a ubiquitous protocol like TCP is just impractical for compatibility reasons.

What about mitigations?

Mitigating SnailLoad is not trivial.
The root cause of SnailLoad is the bandwidth difference between backbone and end-user connections.
To provide a suitable bandwidth to multiple users simultaneously, the backbone network infrastructure has to have a higher bandwidth than the connections of the individual users.
Hence, the root cause cannot be eliminated and further research is necessary to find satisfying solutions.

Why is it called SnailLoad?

The attack masquerades as a download of a file or any website component (like a style sheet, a font, an image or an advertisement).
The attacking server sends out the file at a snail’s pace, to monitor the connection latency over an extended period of time.
Apart from being slow, SnailLoad, just like a snail, leaves traces and is a little bit creepy.
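
The bottleneck effect described in the answers above can be reproduced offline with a toy queue model. This is an added example, not the SnailLoad authors' code: the link speed, base delay, burst sizes and function names are assumptions, and the model is a single unbounded FIFO queue with no queue management.

```python
# Added illustration: toy model of a last-mile bottleneck, no network I/O.
LINK_BPS = 10_000_000 / 8   # assumed 10 Mbit/s end-user link, in bytes/s
BASE_RTT_MS = 20.0          # assumed round-trip time with an empty queue
STEP_MS = 10                # simulation tick; one small packet per tick

# Constructed sample traffic: arrival time (ms) -> bytes that the fast
# backbone delivers at once into the queue in front of the slow link.
SAMPLE_BURSTS = {1000: 250_000, 3000: 500_000}


def simulate(bursts, duration_ms):
    """Return [(t_ms, rtt_ms)] for small packets sharing the link.

    The queue drains at LINK_BPS, so a packet arriving behind a backlog
    of B bytes waits B / LINK_BPS seconds on top of the base RTT.
    """
    backlog = 0.0
    samples = []
    for t in range(0, duration_ms, STEP_MS):
        backlog += bursts.get(t, 0)
        samples.append((t, BASE_RTT_MS + 1000.0 * backlog / LINK_BPS))
        backlog = max(0.0, backlog - LINK_BPS * STEP_MS / 1000.0)
    return samples


def elevated_rtt_windows(samples, threshold_ms=5.0):
    """Group consecutive samples whose RTT exceeds base + threshold."""
    windows, start = [], None
    for t, rtt in samples:
        busy = rtt - BASE_RTT_MS > threshold_ms
        if busy and start is None:
            start = t
        elif not busy and start is not None:
            windows.append((start, t))
            start = None
    if start is not None:
        windows.append((start, samples[-1][0] + STEP_MS))
    return windows


if __name__ == "__main__":
    trace = simulate(SAMPLE_BURSTS, 5000)
    for start, end in elevated_rtt_windows(trace):
        # Window length times link rate gives back the burst size.
        print(start, end, int((end - start) / 1000.0 * LINK_BPS), "bytes")
```

In this model the delay depends only on the queue in front of the slow link, which is why it appears in any packet exchange that crosses that link, ping replies and TCP ACKs alike.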

Can I use the logo?

The logo is free to use, rights waived via CC0.

Is there proof-of-concept code?

We released our basic SnailLoad example server on GitHub.

Source: https://snailload.com

