Researchers have discovered a new side-channel attack that allows websites to spy on users by monitoring their solid-state drive activity. Dubbed FROST, the technique exploits timing differences in how SSDs handle read and write operations.
How FROST Works
The attack targets NVMe drives common in modern laptops and desktops. By measuring how long it takes an SSD to respond to certain commands, an attacker can infer what applications or files are being accessed.
Websites running malicious JavaScript can trigger these measurements through browser APIs designed for high-performance storage access. The timing data reveals patterns that correlate with specific user actions like opening documents or loading web pages.
Real World Limitations
Exploiting FROST is not straightforward. The attack requires precise control over the storage subsystem and works best when the system is idle with minimal background activity.
Modern browsers have also tightened restrictions on storage timing APIs since the research was conducted. Some vendors have already implemented mitigations that reduce the accuracy of such measurements.
Why This Matters
The discovery highlights an expanding frontier in digital surveillance where hardware behavior becomes a tracking vector instead of software cookies or fingerprints.
Users who rely on SSDs for performance may face subtle privacy risks from websites they visit daily while browsing from home or work machines.
- The attack does not require physical access, only remote code execution via JavaScript.
- It works across different operating systems, including Windows, macOS, and Linux.
Mitigation Steps
Users can reduce risk by disabling unnecessary browser permissions for storage device access and keeping systems updated with the latest security patches.
Chipset manufacturers are also exploring firmware-level changes that randomize response times, making side-channel attacks harder to execute reliably.
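The effect of the two mitigations described above (browsers reducing timer accuracy, firmware randomizing response times) can be seen in a small simulation. This is an added example, not code from the FROST research or from any vendor; the latencies, the 1000 µs timer resolution, the 200 µs jitter range, and the midpoint-threshold observer are all constructed assumptions.

```javascript
// Added illustration; every latency and parameter here is a constructed value.
const IDLE_US = 80, BUSY_US = 95, NOISE_US = 5;
const MID_US = (IDLE_US + BUSY_US) / 2;

// Small seeded PRNG (mulberry32) so the simulation is reproducible.
function mulberry32(seed) {
  let a = seed | 0;
  return () => {
    a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Simulated device response time for one of two activity states.
function trueLatency(busy, rng) {
  return (busy ? BUSY_US : IDLE_US) + (rng() * 2 - 1) * NOISE_US;
}

// Elapsed time as seen through a timer that only reports multiples of `res`.
function clampedElapsed(latency, res, rng) {
  const start = rng() * res; // the measurement begins at a random point in a tick
  const clamp = (t) => Math.floor(t / res) * res;
  return clamp(start + latency) - clamp(start);
}

// Fraction of single samples a threshold observer labels correctly.
function accuracy(observe, threshold, seed, n = 2000) {
  const rng = mulberry32(seed);
  let correct = 0;
  for (let i = 0; i < n; i++) {
    const busy = i % 2 === 1;
    const seen = observe(trueLatency(busy, rng), rng);
    if ((seen > threshold) === busy) correct++;
  }
  return correct / n;
}

function compareMitigations(seed = 1) {
  return {
    raw: accuracy((t) => t, MID_US, seed),
    clamped: accuracy((t, rng) => clampedElapsed(t, 1000, rng), MID_US, seed),
    // Firmware adds 0..200 µs of random delay; threshold shifts by the mean (100 µs).
    jittered: accuracy((t, rng) => t + rng() * 200, MID_US + 100, seed),
  };
}
console.log(compareMitigations());
```

With an unmodified timer the two states separate on every sample, while either mitigation pushes per-sample accuracy toward the 0.5 of a coin flip.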


