Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Over the years, there has been no shortage of websites that use clever techniques to secretly track visitors. browsing history, device fingerprintand keys and mouse movements in real time. Even Meta and Yandex have recently been caught joining the privacy-hacking free-for-all.
Now websites have a new way to monitor their visitors: by testing hidden interactions with their hard drives. This method, called FROST (remote fingerprinting using OPFS-based SSD time), allows websites to monitor which pages a visitor is viewing and which apps are open on their device.
This method, written in a research paperthey do a side channelthe type of leakage caused by physical characteristics such as electromagnetic emanations, data cache, or the time required to complete a task. By testing visibility, attackers can hide hidden traffic and provide other information.
The attack used by FROST is known as a conflict side wayswhich evaluates the interaction of different processes by using (or competing with) something. By measuring the time of certain I/O (input-output) processes of the SSD that the visitor is using, the researchers were able to determine the websites that were opened in other tabs – even on other browsers – and the programs that were open on the visitor’s device. FROST does not require interaction with the guest other than opening the target area.
“Browsers have evolved from simple text viewers to complex platforms capable of using advanced tools,” the paper’s authors wrote. “Companies like Google, Microsoft, and Adobe have developed full-featured desktops, image and video editors, or even integrated development environments (IDEs) that run within browsers.” The authors went on to say: “While this increases the functionality of web applications and allows for new uses, it also increases the number of attacks on browsers, some of which have already been shown to cause other problems.”
Unlike previous sidebars on SSDs, FROST only runs in the browser. It uses JavaScript that interacts with the OPFS images (the beginning of a secret file), a storage area that is kept so that a specific location can use the code needed to complete a given task. Websites can create one without the interaction a visitor wants.
Although each file is sandboxed, meaning it is isolated from other websites and from the same device, JavaScript can measure I/O interactions. Then, by running this interaction through previous training convolutional neural networks-a system that uses deep learning to analyze text, audio, and images-the attacker can display the various programs and websites open on the device.
“The attacker continuously tests SSD contention by performing random reads on the main OPFS file,” the researchers explained. “SSD contention caused by user activity causes latency differences in these calculations. By training a convolutional neural network (CNN) on these results, the attacker can use fingerprints on the host’s network by distributing new information using the trained model.
This method has its limitations. First, the OPFS file must be very large—perhaps a gigabyte or more. That requirement means that large-scale attacks can be detected by many users. Additionally, the OPFS file must be stored on the SSD the guest is using. This is usually not a problem for tracking open source websites, since the OPFS file is stored in the browser’s default location. When programs are using SSDs for software, these programs cannot be recognized by FROST.
One of the best ways to avoid FROST attacks is to close tabs as soon as they disappear. Many users can monitor the creation and size of OPFS files provided by unknown websites. The researchers proposed ways to make the browser to block the sidebar. One such way is to limit the size of such files that are allowed. There are no indications that FROST has occurred in the wild.
