New browser-based side-channel attack uses SSD activity analysis to spy on users
By Dan Goodin
Summary
Researchers have discovered a new browser-based side-channel attack that can spy on users by analyzing SSD (Solid State Drive) activity through JavaScript. By measuring I/O interactions within the sandboxed file system using a pretrained convolutional neural network, attackers can deduce which apps and websites are open on a device. The technique involves performing random reads from a large OPFS (Origin Private File System) file to measure SSD contention caused by user activity.
Key quotes
The attacker continuously measures SSD contention by performing random reads from a large OPFS file.
SSD contention caused by user activity causes measurable latency...
While each file system is sandboxed, meaning it's isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions.
