Certified Ethical Hacker (CEH v12) — Question 254
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.
What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?
Answer options
- A. Buffer overflow attack
- B. Side-channel attack
- C. Denial-of-service attack
- D. HMI-based attack
Correct answer: B
Explanation
The correct answer is B, Side-channel attack, because the attacker is leveraging timing information to deduce correct characters, which is a characteristic of side-channel methods. The other options, such as A (Buffer overflow attack) and C (Denial-of-service attack), do not involve character verification through timing, and D (HMI-based attack) is unrelated to password cracking techniques.