Websites Can Now Spy on Users Through Hard Drive Timing
Original: Websites Can Now Spy on You Through Your Hard Drive
Why This Matters
Reveals a new browser-based privacy vulnerability that exploits SSD timing patterns.
Researchers detailed the FROST technique, which allows websites to track visitor activity by measuring SSD timing through JavaScript. The method exploits the browser file system to detect open websites and apps without user interaction.
The FROST (fingerprinting remotely using OPFS-based SSD timing) technique exploits contention side channels to monitor the timing of SSD input-output operations. Using JavaScript that interacts with the origin private file system (OPFS), attackers can determine which websites are open in other tabs and which applications are running on visitors' devices. The method requires creating large OPFS files and uses pretrained convolutional neural networks to classify timing traces. Unlike previous SSD attacks, FROST runs exclusively in browsers, with no user interaction needed beyond opening the attacking site. Researchers noted that modern browsers have evolved into complex platforms running sophisticated applications, increasing attack surfaces and introducing new vulnerabilities.