Stefan GastI have just presented our paper on Zero Click SnailLoad at ESORICS 2025 in Toulouse. Thank you to all who attended my talk, also for the nice discussion!
Also thanks to @c1t for taking the picture!
Nuisance of the day: Mobile email applications that automatically render HTML mails by default, including links, without clearly indicating where they go. "Bonus" points for loading external references without asking.
Just now, somebody showed me a fully rendered phishing mail in their web.de app.
Of course, I had to do a quick SnailLoad demo and that one works, too, with a client-side connection to the attacker server. 🤔
We investigated problematic behavior like this in our Zero-Click SnailLoad paper, so this is just yet another case.
However, I said it before and I will say it again: HTML emails are a pest, especially with external references!
In our new paper (accepted at ESORICS 2025), we explore how attackers can mount automated SnailLoad attacks without requiring the user to explicitly click a link to the attacker's server.
For this, we exploit the automatic handling of external references in messenger and email applications, as well as responses from home routers to TCP SYNs targeting closed ports.
The full paper is available here: https://stefangast.eu/papers/zeroclicksnailload.pdf
Thank you to Nora Puntigam, @silent_bits, @vmcall, @lavados and Johanna Ullrich for the fantastic collaboration!
Klaus AschenbrennerSnailLoad: the next Side-Channel Attack found by the University of Technology in Graz: https://www.snailload.com #snailload
#SnailLoad is now CVE-2024-39920: https://nvd.nist.gov/vuln/detail/CVE-2024-39920
Scripter 
New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities
https://thehackernews.com/2024/06/new-snailload-attack-exploits-network.html #SnailLoad
https://thehackernews.com/2024/06/new-snailload-attack-exploits-network.html #SnailLoad
Joaquim Homrighausen"New attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic."
Marcel SIneM(S)USGrazer Lauschangriff braucht bloß TCP/IP - weder Malware noch Sicherheitslücke | c't Magazin https://www.heise.de/news/SnailLoad-Lauschangriff-ohne-Man-in-the-Middle-und-ohne-Code-auf-dem-Zielsystem-9775311.html #SnailLoad
happygeek 
+ 
= $0By me @Forbes: SnailLoad attack methodology allows for spying without infiltrating the network or installing malware. It’s clever, but is it dangerous?
# infosec #SnailLoad #PrivacyMatters
mithosWährend der Arbeitszeit gleichzeitig youtube-Videos und twitch-streams schauen ist das neue
"Radio an und die Unterhaltung bei laufender Dusche im Badezimmer führen": Es fügt Abhörschutz durch Rauschen hinzu. ;-)