Abstract
In this paper, we present DNS FLaRE, a DNS cache-based timing side-channel attack that allows an attacker to accurately infer the times at which a user visits specific websites. We demonstrate the attack on DNS forwarders, a widely used component of the DNS infrastructure that acts as an intermediary cache between DNS clients and recursive resolvers. The threat model assumes only that the victim is tricked into visiting a malicious website. We show that the attack can accurately infer the times at which a user visits specific websites by exploiting discrepancies in the DNS resolution time of a domain, which depend on whether the domain is in the forwarder cache. Furthermore, when targeting IoT devices, the attack can infer when certain events took place at an IoT device. This is enabled by observing IoT-related DNS resolution discrepancies from a browser in the same household. The attack facilitates sophisticated phishing attacks and IoT device detection and profiling, and has other potential privacy implications.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 34th USENIX Security Symposium |
| Publisher | USENIX Association |
| Pages | 3557-3575 |
| Number of pages | 19 |
| ISBN (Electronic) | 9781939133526 |
| State | Published - 2025 |
| Event | 34th USENIX Security Symposium, USENIX Security 2025 - Seattle, United States; Duration: 13 Aug 2025 → 15 Aug 2025 |
Publication series
| Name | Proceedings of the 34th USENIX Security Symposium |
|---|---|
Conference
| Conference | 34th USENIX Security Symposium, USENIX Security 2025 |
|---|---|
| Country/Territory | United States |
| City | Seattle |
| Period | 13/08/25 → 15/08/25 |
Bibliographical note
Publisher Copyright: © 2025 by The USENIX Association. All Rights Reserved.