A new research study has shown how interactive movies such as Netflix’s Bandersnatch could expose sensitive data from encrypted traffic.
Academics from the Indian Institute of Technology, Madras (IITM) studied the possibility of sensitive information being leaked from streaming movies that require user interaction. Their research involved exploring various interactive segments from the recently released Black Mirror Bandersnatch movie for traffic analysis.
The big picture
How it works - In the paper, the academics highlight that the ‘SSL record lengths of client packets’ acted as the side channel to infer user choices when watching Bandersnatch. The record lengths let an observer gain insights about viewers from the encrypted traffic without decrypting it.
How can it be fixed - The IITM researchers suggested that “An easy fix for the problem would be to either split the JSON file or to compress it so that it becomes indistinguishable.” “However, there could be timing side-channels that may still exist even after this fix,” the researchers added.
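A defender-side check of the length side channel and the "split" fix described above, as an added example that is not code from the paper or from Netflix. The JSON field names, the 64-byte chunk size, the four-chunk envelope and the 16-byte per-record overhead are all assumptions made for illustration.

```python
import json

AEAD_OVERHEAD = 16  # assumed constant per-record overhead (AEAD tag); ciphertext = plaintext + constant

# Constructed sample state reports; field names are hypothetical, not Netflix's real format.
DEFAULT_CHOICE = json.dumps(
    {"event": "choice", "segment": "s1", "selected": "default"}).encode()
OTHER_CHOICE = json.dumps(
    {"event": "choice", "segment": "s1", "selected": "alternate",
     "state": {"override": True, "history": ["s0", "s1"]}}).encode()

def record_lengths(chunks):
    """Record lengths an on-path observer sees for a list of plaintext chunks."""
    return [len(c) + AEAD_OVERHEAD for c in chunks]

def send_whole(msg):
    """Baseline: the whole JSON goes out as one record."""
    return [msg]

def split_naive(msg, size=64):
    """Split into `size`-byte chunks; the chunk count and last chunk still vary."""
    return [msg[i:i + size] for i in range(0, len(msg), size)]

def split_fixed(msg, size=64, count=4):
    """Split into exactly `count` chunks of `size` bytes each.

    Padding uses spaces, which are valid trailing whitespace for JSON,
    so the receiver can join the chunks and parse them unchanged.
    """
    if len(msg) > size * count:
        raise ValueError("message exceeds fixed envelope; enlarge size or count")
    padded = msg.ljust(size * count, b" ")
    return [padded[i:i + size] for i in range(0, len(padded), size)]

def leaks_choice(framing):
    """True if the two choices produce different observable length sequences."""
    return (record_lengths(framing(DEFAULT_CHOICE))
            != record_lengths(framing(OTHER_CHOICE)))

if __name__ == "__main__":
    for framing in (send_whole, split_naive, split_fixed):
        verdict = "leaks choice" if leaks_choice(framing) else "indistinguishable"
        print(f"{framing.__name__}: {verdict}")
```

Splitting only removes the leak when every choice produces the same number of equally sized records; the timing side channel the researchers mention is outside what this check measures.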