Explore advanced cross-site search (XS-search) attacks in this Black Hat conference talk. Delve into practical timing side-channel attacks that extract sensitive information from web services using response inflation techniques. Learn about browser-based XS-search attacks on Gmail and Facebook, and discover algorithmic improvements for enhanced efficiency. Examine the novel second-order (SO) XS-search attack, which allows attackers to significantly increase response size differences by planting maliciously crafted records. Understand how these attacks can compromise email content on Gmail and Yahoo!, as well as search history on Bing. Follow the attack flow, challenges, and defense strategies through real-world examples and demonstrations. Gain insights into the limitations of these attacks and potential countermeasures to protect web services from such vulnerabilities.
Timing Attacks Have Never Been So Practical - Advanced Cross-Site Search Attacks
Overview
Syllabus
Introduction
Title
Agenda
Background
Attacker Example
Advanced CrossSite Search Attacks
Basic CrossSite Search Attack Flow
Step 1 Challenge Search Request
Step 2 Dummy Search Request
Step 2 Challenge Search Request
Step 1 Statistical Tests
Challenges
Response Inflation
Attack on Gmail
Two new attack vectors
Browserbased timing attacks
Classical timing attacks
Algorithmic improvements
Evaluation
Example
Browserbased Optimization
Improved Accuracy
Demo
Limitations
Second Order Attack
Simple Attack
Simple Attack Flow
Inflating Second Order Attack
Extending the Model
How to create an inflating record
Extracting credit card numbers
Sending requests for autocomplete suggestions
Attacked account example
Attacked account demo
Attack success rate
Stealthy attack
Email services
Defenses
Conclusions
Questions
Taught by
Black Hat
