[German]The new protocols HTTP/2 and WPA3 (WLAN) are currently being closely examined by security researchers. Timeless timing attacks can be used to extract sensitive information.
Advertising
The WPA2 protocol used to secure communication between routers and terminals in wireless networks is now around 20 years old. In October 2017 there was the information about security holes in WPA2 ( Information about the KRACK security hole in WPA2 can be found in my blog). The Wi-Fi Alliance, an industry association of device manufacturers such as Apple, Microsoft and Qualcomm, has announced the new next-generation wireless network security standard, WPA3, to replace the 'insecure' WPA2 in 2018. Implementations for specific devices (FRITZ!Box, or Windows 10) have been presented in the last weeks.
Timeless Timing Attacks on HTTP/2 and WPA3…
I have just been informed via Twitter that security researchers are taking a closer look at HTTP/2 and WPA3. One carries out so-called Timeless Timing Attacks.
Researchers exploit HTTP/2, WPA3 protocols to stage highly efficient 'timeless timing' attacks https://t.co/Hx3W4KIMjB
— /r/netsec (@_r_netsec) July 30, 2020
A new technique developed by researchers at the Belgian KU Leuven and New York University Abu Dhabi shows how malicious actors can exploit the special properties of network protocols to extract sensitive information. The technique, called "Timeless Timing Attacks", presented at this year's Usenix conference, exploits the way network protocols handle concurrent requests to solve one of the endemic challenges of remote timing side channel attacks. Details may be read within the linked document.
