Explore a groundbreaking presentation on a novel approach to timing attacks that is completely resilient to network jitter. Delve into the evolution of timing attacks over the past 25 years, from their inception against RSA and Diffie-Hellman to their current potential to compromise millions of devices over the Internet. Learn about the challenges attackers face with network jitter and how this new method overcomes them. Examine the requirements for timeless timing attacks, attack scenarios including cross-site timing attacks, and real-world applications such as exploiting WPA2 and EAP-pwd vulnerabilities. Gain insights into the potential for bruteforcing Wi-Fi passwords using these techniques. Presented by Tom Van Goethem and Mathy Vanhoef at Black Hat, this 39-minute talk offers a comprehensive look at the future of timing attacks and their implications for cybersecurity.
Overview
Syllabus
Intro
Timing attacks...
Remote Timing Attacks Success
Timeless Timing Attacks: Requirements
Requirement #2: concurrent execution
Attack Scenarios
Cross-site Timing Attack
Cross-site Timeless Timing Attack
WPA2 & EAP-pwd
Bruteforcing Wi-Fi passwords
Conclusion
Taught by
Black Hat
Related Courses
-
Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux
-
Dragonblood - A Security Analysis of WPA3’s SAE Handshake
-
Sweet Dreams - Abusing Sleep Mode to Break Wi-Fi Encryption and Disrupt WPA2/3 Networks
-
Dragonblood - Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
-
KRACKing WPA2 Using Key Reinstallation Attacks
-
The Timing Attacks They Are A-Changin' - Web-based and Browser-based Timing Attack Techniques
