New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities

28-June-24

SnailLoad exploits a bottleneck present on all Internet connections,This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone else’s Internet connection. SnailLoad requires no JavaScript, no form of code execution on the victim system, and no user interaction but only a constant exchange of network packets. The disclosure comes as academics have disclosed a security flaw in the manner router firmware handles Network Address Translation (NAT) mapping that could be exploited by an attacker connected to the same Wi-Fi network as the victim to bypass built-in randomization in the Transmission Control Protocol (TCP).

Read More…