A new attack method called SnailLoad allows a remote attacker to infer websites and other content users view without needing direct access to their network traffic. Unlike previous attacks, SnailLoad does not require a person-in-the-middle position, JavaScript, or any other code execution on the victim’s system.
To launch a SnailLoad attack, the attacker conducts latency measurements for various websites and YouTube videos the victim may view and creates a unique fingerprint for each. The attacker must then get the targeted user to load data from a malicious server.
Read More: New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
