
(ISC)2 Security Congress 2022

2101789 - Practical Browser Based Side-Channel Attacks

Oct 11, 2022 2:45pm ‐ Oct 11, 2022 3:45pm


There is an inherent trust in the way we perceive and interact with websites today; browsers offer extreme flexibility at the price of enabling attacks like click-jacking and, more recently, “XS leaks,” which have major privacy implications. Pixel-Inference is a novel side-channel attack designed to infer a victim’s sensitive state at a target website by leaking the color of one or more pixels of a cross-origin page. This is done by monitoring the way the user interacts with components that are engineered to appear differently depending on the victim’s cross-origin state. The presentation will introduce key terms, provide XS leaks demos that show Facebook likes and Google account email addresses, discuss privacy impacts, and provide tips for mitigation and prevention.

Learning Objectives:
  • Become familiar with the mechanics and fundamental ideas behind browser-based side-channel attacks.
  • Prevent side-channel vulnerabilities and avoid some very serious privacy implications.
  • Perform browser-based side-channel attacks, including the new Pixel-Inference attack.

