AppSec Israel 2016 has ended
Back To Schedule
Monday, September 19 • 10:05 - 10:50
The Threat of Advanced Cross-Site Search Attacks

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Cross-site search (XS-search) is a practical timing side-channel attack that allows the extraction of sensitive information from web-services. The attack exploits inflation techniques to efficiently distinguish between search requests that yield results and requests that do not. This work focuses on the response inflation technique that increases the size of the response; as the difference in the sizes of the responses increases, it becomes easier to distinguish between them. We begin with browser-based XS-search attack and demonstrate its use in extracting users' private data from Gmail and Facebook. The browser-based XS-search attack exploits the differences in the sizes of HTTP responses, and works even when significant inflation of the response is impossible. This part also involves algorithmic improvements compared to previous work. When there is no leakage of information via the timing side channel it is possible to use second-order (SO) XS-search, a novel type of attack that allows the attacker to significantly increase the difference in the sizes of the responses by planting maliciously crafted record into the storage. SO XS-search attacks can be used to extract sensitive information such as email content of Gmail and Yahoo! users, and search history of Bing users.


Nethanel Gelernter

Cyberpion & College of Management Academic Studies
Nethanel Gelernter received a PhD in Computer Science from Bar-Ilan University (Israel). His research mainly focuses on web application security, and in particular in exploring new attack vectors and threats in the web. Currently, he is leading the cyber security research and studies... Read More →

Monday September 19, 2016 10:05 - 10:50 IDT
Room 10 - CS and Communications Building
  Track 2