New FROST Technique Enables SSD Activity Tracking by Malicious Websites
Severity: Medium (Score: 57.0)
Sources: Rss.Slashdot, Cybersecuritynews, Gbhackers
Published: · Updated:
Keywords: their, websites, malicious, exploit, timing, signals, activity
Summary
A new side-channel attack technique called FROST allows malicious websites to track user activity by analyzing SSD timing signals. This method can determine which websites and applications are open on a visitor's device without requiring any interaction from the user. The attack leverages a contention side channel, measuring I/O operations on the SSD to infer user behavior. Researchers demonstrated that by using JavaScript in the browser, attackers can create a model that identifies user activity based on latency differences caused by SSD contention. This technique poses a significant privacy risk, as it can expose sensitive information without users' consent. Currently, the full scope of the impact is still being assessed, but the potential for widespread exploitation exists. No specific CVEs have been reported yet, and the technique is still under research. Key Points: • FROST allows websites to track user activity via SSD timing signals. • The attack requires no user interaction and runs solely in the browser. • Researchers are still assessing the full impact and potential for exploitation.
Detailed Analysis
**Impact** Users of modern browsers on devices with SSDs are affected globally, as the technique can monitor websites open in other tabs and running applications without user interaction. This exposes potentially sensitive browsing habits and app usage data, risking privacy breaches and targeted profiling. No specific sectors or geographic regions were detailed in the sources. **Technical Details** The attack vector is a drive-by visit to a malicious website that runs JavaScript exploiting the OPFS (origin private file system) to measure SSD I/O timing variations caused by contention. The technique, called FROST, uses a pretrained convolutional neural network to analyze latency differences in SSD reads and infer user activity across browsers and applications. No CVEs or malware names were mentioned, and no IOCs were provided. **Recommended Response** Defenders should monitor unusual JavaScript activity involving OPFS access and timing measurements in browsers. Browser vendors should consider restricting or auditing OPFS timing APIs to prevent side-channel exploitation. No specific patches or signatures are currently available based on the provided information.
Source articles (3)
- Websites Have a New Way To Spy On Visitors: Analyzing Their SSD Activity — Rss.Slashdot · 2026-05-28
An anonymous reader quotes a report from Ars Technica: Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (finge… - Malicious Websites Exploit SSD Timing Signals to Monitor Visitor Activity — Gbhackers · 2026-05-28
Malicious websites can now exploit subtle SSD timing signals in modern browsers to quietly track what users are doing on their devices, including which sites and apps they open, using a new side‑chann… - Malicious Websites Track Visitors by Analyzing their SSD Timing Activity — Cybersecuritynews · 2026-05-28
Malicious websites can track visitors by measuring tiny changes in SSD access times, turning normal browser activity into a privacy leak. Researchers showed that a JavaScript attack can use the browse…
Timeline
- 2026-05-27 — FROST technique revealed: Researchers disclosed the FROST technique, enabling tracking of user activity through SSD timing signals.
- 2026-05-27 — Security researchers confirm SSD tracking capabilities: Researchers confirmed that FROST can identify open websites and applications based on SSD I/O timing.
Related entities
- Data Breach (Attack Type)
- CWE-200 - Exposure of Sensitive Information (Cwe)
- T1059.007 - JavaScript (Mitre Attack)
- T1189 - Drive-by Compromise (Mitre Attack)
- Convolutional Neural Network (Tool)