Certified Ethical Hacker (CEH v11) — Question 273
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.
What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?
Answer options
- A. Buffer overflow attack
- B. Side-channel attack
- C. Denial-of-service attack
- D. HMI-based attack
Correct answer: B
Explanation
The correct answer is B, as a side-channel attack involves analyzing information leaked during the computation process, such as timing data, to gain insights into the system's behavior. The other options, such as buffer overflow and denial-of-service attacks, do not involve character-by-character analysis or timing exploitation, and HMI-based attacks are unrelated to password cracking through timing analysis.