New FROST attack spies on browsing via SSD activity through browser API

Security researchers have developed a new side-channel attack called FROST that can spy on users' browsing activity and identify open applications by measuring SSD access latency through JavaScript in a browser. The technique exploits the Origin Private File System (OPFS) API, which allows malicious websites to create large files on a user's SSD and analyze the resulting timing patterns to infer user behavior. The attack was effective, with high accuracy, on a test Mac; its main barrier is the large file size. Proposed mitigations include capping OPFS file sizes or requiring explicit permission for their creation.

IMPACT This attack highlights a new privacy risk in web browsers, potentially impacting user trust and requiring new security measures.

RANK_REASON The cluster describes a new attack technique detailed in a research paper, with implications for browser security.

AI-generated summary · Google Gemini · from 3 sources.

COVERAGE [3]

  1. Tom's Hardware TIER_1 English(EN) · Luke James ·

    Researchers say they can spy on your browsing by measuring SSD activity through a browser API — claim FROST attack requires no permissions or user interaction to identify which apps and websites you're using

    FROST exploits the Origin Private File System (OPFS), a browser API that lets websites create and store files on a user's local disk.

  2. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    📰 Websites Can Now Spy on You Through Your Hard Drive Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript. 📰 Source: Feed: All Latest 🔗 Archive: https://web.archive.org/web/https://www.wired.com/story/websites…

  3. Mastodon — fosstodon.org TIER_1 English(EN) · [email protected] ·

    Researchers say they can spy on your browsing by measuring SSD activity through a browser API — claim FROST attack requires no permissions or user interaction to identify which apps and websit… FROST exploits the Origin Private File System (OPFS), a browser API that lets websites…