New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
Researchers at Graz University of Technology unveiled a new attack named FROST on March 18, 2024, which allows malicious websites to track users' browsing habits and app usage by exploiting the timing characteristics of Solid State Drives (SSDs). The attack requires only JavaScript; it needs no native code, browser extensions, or user permissions. As long as the malicious tab stays open, the website can monitor drive access patterns in the background and infer activity on other sites or applications.

FROST leverages the fact that different websites and applications cause varying levels of contention on an SSD. When a user visits a new website or launches an application, it triggers specific read/write operations on the SSD. The FROST JavaScript code measures the time it takes for these operations to complete. By analyzing these timing variations, the attack can build a profile of the user's online and offline activities.

This technique bypasses traditional privacy measures designed to prevent cross-site tracking, because it operates at the hardware level through indirect observation. The researchers demonstrated that FROST could accurately identify popular websites and applications, posing a significant privacy risk to internet users. The attack's effectiveness relies on the unique timing signatures produced by different data access patterns on the SSD, making it a novel method for covert surveillance.
Original source — read the full reporting at the publisher:
Read on The Hacker News