Timing Attacks Have Never Been so Practical: Advanced Cross-Site Search Attacks

by Nethanel Gelernter Sept. 16, 2017 via www.blackhat.com submitted by belen_caty

Cross-site search (XS-search) is a practical timing side-channel attack that allows the extraction of sensitive information from web services. The attack exploits inflation techniques to efficiently distinguish between search requests that yield results and requests that do not. This work focuses on the response inflation technique, which increases the size of the response; as the difference in the sizes of the responses increases, it becomes easier to distinguish between them. We begin with a browser-based XS-search attack and demonstrate its use in extracting users' private data from Gmail and Facebook. The browser-based XS-search attack exploits the differences in the sizes of HTTP responses, and works even when significant inflation of the response is impossible. This part also involves algorithmic improvements compared to previous work.


Steven Ulm 1 month ago

I find your article very "practical" and raising awareness towards both the problem and the solution. Thank you for sharing this with us!