Websites Can Track User Activity Through SSD Behavior Analysis

Post Views: 4

Websites Can Spy on User Activity by Analyzing SSD Behavior

Researchers have discovered a novel way for websites to gather information about users’ activities beyond their browsing habits. This technique, dubbed FROST, takes advantage of the timing differences caused by Solid-State Drive (SSD) contention, a phenomenon where multiple applications compete for access to the same storage device.

The FROST Attack Works as Follows:

The Origin Private File System (OPFS) is used to create a sandboxed storage area for websites.
A website uses the OPFS to measure the timing differences caused by SSD contention.
The website infers information about the websites and applications active on a user’s system without requiring any malware, browser extensions, or elevated privileges.

The FROST attack relies on the measurement of timing differences created by SSD contention, allowing a website to collect information about activity occurring elsewhere on a user’s system. Unlike previous SSD-based side-channel attacks, which required software running directly on a device, FROST moves the attack into the browser. This means that a user only needs to visit a webpage hosting the attack code to become vulnerable.

According to the researchers, “This technique reflects a broader shift in how web browsers are used, evolving from simple document viewers into complex platforms capable of running sophisticated applications. While this shift offers numerous benefits, such as platform independence and accessibility, it also introduces new security and privacy challenges.”

Practical Limitations of the FROST Attack:

The need for long-running measurements, which can consume significant storage space.
The dependency on the targeted activity occurring on the same SSD being monitored.
The attack does not provide direct access to files stored on a device and does not bypass browser sandboxing protections.

Several mitigations are discussed, including limiting the amount of storage available through OPFS, reducing the precision of timing information available to websites, and alerting users when websites store unusually large amounts of data. The researchers responsibly disclosed their findings to Google, Mozilla, and Apple before publication, and the Chromium team stated that it does not consider fingerprinting attacks to be security vulnerabilities.