nerdexam
EC-Council

312-50V11 · Question #1014

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether

The correct answer is A. Side-channel attack. By measuring how long the authentication process takes per character attempt, the attacker deduces correct password characters one at a time using a timing side-channel attack.

IoT and OT Hacking

Question

An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct. What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?

Options

  • ASide-channel attack
  • BDenial-of-service attack
  • CHMI-based attack
  • DBuffer overflow attack

How the community answered

(42 responses)
  • A
    43% (18)
  • B
    10% (4)
  • C
    17% (7)
  • D
    31% (13)

Why each option

By measuring how long the authentication process takes per character attempt, the attacker deduces correct password characters one at a time using a timing side-channel attack.

ASide-channel attackCorrect

A side-channel attack exploits indirect information leaked by a system's physical or temporal behavior rather than a weakness in the cryptographic algorithm itself. The attacker here uses a timing attack - a specific side-channel variant - correlating the ICS device's authentication duration with how many characters were matched before the loop terminated, allowing sequential password recovery without ever brute-forcing the full credential space.

BDenial-of-service attack

A denial-of-service attack aims to make a system unavailable by exhausting its resources with excessive requests, and involves no timing analysis or character-level password reconstruction.

CHMI-based attack

An HMI-based attack targets vulnerabilities in the Human-Machine Interface application layer of ICS environments, exploiting software flaws in the operator interface rather than measuring authentication response timing.

DBuffer overflow attack

A buffer overflow attack corrupts adjacent memory by writing beyond an allocated buffer boundary to redirect execution flow, and is entirely unrelated to timing the authentication loop to infer correct password characters.

Concept tested: Timing side-channel attack on ICS password authentication

Source: https://csrc.nist.gov/glossary/term/side_channel_attack

Topics

#side-channel attack#timing attack#ICS password cracking#OT security

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice