FROST attack uses browser API to spy on browsing activity via SSD timing measurements, researchers find
By Luke James
Summary
Security researchers at Graz University of Technology have published a paper describing FROST (Fingerprinting Remotely using OPFS-based SSD Timing), a side-channel attack that exploits the browser's Origin Private File System (OPFS) API to measure SSD access latency via JavaScript. This allows a malicious website to identify what other sites and apps a visitor has open with 89% accuracy for websites and 96% for applications, requiring no special permissions or user interaction beyond visiting the malicious site. The attack works within a standard browser sandbox and represents a novel privacy vulnerability in modern browsers.
Key quotes
Security researchers at Graz University of Technology in Austria have published a paper describing a side-channel attack that lets a malicious website identify what other sites and apps a visitor has open by measuring SSD access latency through JavaScript inside a standard browser sandbox.
The technique, called FROST (Fingerprinting Remotely using OPFS-based SSD Timing), correctly identified visited websites with roughly 89% accuracy and running applications with roughly 96% accuracy on a test Mac
requires nothing from the victim beyond visiting the malicious website
