Overview
Explore a groundbreaking presentation on a novel approach to timing attacks that is completely resilient to network jitter. Delve into the evolution of timing attacks over the past 25 years, from their inception against RSA and Diffie-Hellman to their current potential to compromise millions of devices over the Internet. Learn about the challenges attackers face with network jitter and how this new method overcomes them. Examine the requirements for timeless timing attacks, attack scenarios including cross-site timing attacks, and real-world applications such as exploiting WPA2 and EAP-pwd vulnerabilities. Gain insights into the potential for bruteforcing Wi-Fi passwords using these techniques. Presented by Tom Van Goethem and Mathy Vanhoef at Black Hat, this 39-minute talk offers a comprehensive look at the future of timing attacks and their implications for cybersecurity.
Syllabus
Intro
Timing attacks...
Remote Timing Attacks Success
Timeless Timing Attacks: Requirements
Requirement #2: concurrent execution
Attack Scenarios
Cross-site Timing Attack
Cross-site Timeless Timing Attack
WPA2 & EAP-pwd
Bruteforcing Wi-Fi passwords
Conclusion
Taught by
Black Hat