Side channel attack demonstration

This is a video of a XMC4500 pretending to be a keyboard and testing plausible combinations while measuring their response times. This was my homework at Embedded Systems and Security, which was a really cool course at the TUM. A poorly implemented authentication software could take different times for processing correct and wrong password characters and is thus vulnerable to timing-based side channel attacks. The program on the microcontroller logs all the response times and appends the new character with the longest response time to the already known ones, while testing all possible next characters. Side channel attacks like these however shouldn’t work on most safe systems anymore, but it’s good to keep this vulnerability in mind when designing your own systems.