SnailLoad: Anyone on the Internet Can Learn What You're Doing
Unknown
Black Hat USA 2024 · Day 1 · Briefing
The "SnailLoad" talk at Black Hat USA unveiled a potent new form of remote side-channel attack that allows an attacker to infer a user's online activities, such as which websites they are visiting or which videos they are watching, with surprising accuracy. What makes SnailLoad particularly concerning is its truly remote nature: it requires no local code execution on the victim's machine and does not necessitate a "person-in-the-middle" position. Instead, the attack leverages the subtle, yet distinct, **latency traces** observed from *any* connection to a remote server.