Certified Ethical Hacker (CEH v13) — Question 208
An attacker decided to crack the passwords used by industrial control systems. In this process, he employed a loop strategy to recover these passwords. He used one character at a time to check whether the first character entered is correct; if so, he continued the loop for consecutive characters. If not, he terminated the loop. Furthermore, the attacker checked how much time the device took to finish one complete password authentication process, through which he deduced how many characters entered are correct.
What is the attack technique employed by the attacker to crack the passwords of the industrial control systems?
Answer options
- A. Buffer overflow attack
- B. Side-channel attack
- C. Denial-of-service attack
- D. HMI-based attack
Correct answer: B
Explanation
The correct answer is B. A side-channel attack exploits information leaked by the physical implementation of a system, in this case the time the device takes to complete an authentication attempt, to infer details about the password. The other options do not describe this method: A refers to exploiting memory vulnerabilities, C involves overwhelming a service, and D relates to interactions with human-machine interfaces, none of which apply here.