Stefan Gast

Announcing SnailLoad, the first fully remote website- and video-fingerprinting attack working via arbitrary TCP connections.
SnailLoad does not require any attacker code on the victim machine, any TCP connection is enough.

Great collaboration with Roland Czerny, Jonas Juffinger, Fabian Rauscher, @silent_bits and @lavados.

See the website for the full paper and a live demo: https://www.snailload.com
(1/3)

#SnailLoad #sidechannel #networksecurity

SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript

Jun 24, 2024 at 4:00pmWeb
Show threadStefan GastJun 24, 2024
Looking forward to present #SnailLoad at #BlackHatUS, together with @lavados:
https://www.blackhat.com/us-24/briefings/schedule/#snailload-anyone-on-the-internet-can-learn-what-youre-doing-38797
(2/3)
Black Hat

Black Hat

Show threadStefan GastJun 24, 2024

Also looking forward to present #SnailLoad at #USENIX2024.
(3/3)

#usenixsecurity #usenixsec #usenixsecurity

Show threadStefan GastJun 24, 2024
And, for the demo we also created a video: https://www.youtube.com/watch?v=oQpbSbeAJ2I
c0de - SnailLoad (A Parody Song)

YouTube
Show threadStefan GastJul 4, 2024
#SnailLoad is now CVE-2024-39920: https://nvd.nist.gov/vuln/detail/CVE-2024-39920
NVD - CVE-2024-39920

Show threadGEBIRGEJun 25, 2024
@notbobbytables Cool, I didn't know the paper was already out. Congratulations on the awesome research!
Show threadStefan GastJun 25, 2024
@GEBIRGE Thank you! Yes, we just released it yesterday, so it's still quite recent. 🙂