Websites have a new way to spy on visitors: Analyzing their SSD activity
[RSS: feeds.arstechnica.com] Telltale SSD activity can be measured in the browser using simple JavaScript.
[RSS: feeds.arstechnica.com] Telltale SSD activity can be measured in the browser using simple JavaScript.
Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, device fingerprints, and keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all.
Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices.
A side channel based on contention
The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.
Support Atomni
Help us keep delivering high-quality, independent journalism. Your support makes a difference.
Support Our WorkAtomni Editorial Desk
Editorial Desk
Comments (0)
No comments yet. Be the first to share your thoughts!