Your SSD Could Be Leaking Your Browsing History: Researchers Unveil ‘FROST’ Side-Channel Attack

The Quiet Leak in Your Hardware
For years, the battle for user privacy has been fought in the browser’s software layers. We’ve seen the rise and fall of third-party cookies, the implementation of ‘Do Not Track’ requests, and the ongoing struggle against device fingerprinting. But a new research paper reveals that the hardware beneath the software—specifically the Solid State Drive (SSD)—may be the next frontier for covert surveillance.
The technique, dubbed FROST (Fingerprinting Remotely using OPFS-based SSD timing), allows a malicious website to infer which other tabs you have open and which applications are running on your system, all without requiring any special permissions or user interaction beyond visiting the page.
How FROST Turns Storage Into a Sensor
FROST is not a traditional exploit that crashes a system or steals a password file; rather, it is a contention side-channel attack. In simple terms, it treats the SSD as a shared resource. When your computer performs a storage-heavy task (loading a complex web app, or a background program saving a file), the drive is busy serving that I/O, and any other process that touches the drive at the same time sees a measurable delay. That delay is the ‘contention’ the attack measures.
The attack leverages the Origin Private File System (OPFS), a legitimate browser feature that gives websites a sandboxed area to store data. While the sandbox prevents a website from seeing your private files, it doesn’t stop the website from measuring how long it takes to read its own data.
By performing rapid, random read operations on a large OPFS file and timing each one, a malicious site can build a high-resolution timeline of SSD latency. These timing ‘traces’ act like a sonic signature of your computer’s activity. To make sense of this noise, the researchers used a convolutional neural network (CNN) trained in advance on latency traces recorded while known websites and applications were running. At attack time, the model classifies a freshly collected trace to identify what the user is doing in other windows.
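The measurement primitive described above, as an added example that is not the FROST paper’s code. The OPFS part only runs inside a browser Web Worker (synchronous access handles are worker-only); the trace and windowing logic is plain JavaScript and is exercised offline with a constructed reader whose latencies are invented for the demo. The file size, the 4 KiB read size, the window size and the ×2 contention threshold are assumptions, not values taken from the paper.

```javascript
// Added example (not the FROST paper's code): timing random reads on an OPFS
// file, then turning the latency trace into contention windows. The OPFS
// setup runs only in a browser Web Worker; everything below it runs offline.

const BLOCK = 4096;                       // assumption: one 4 KiB random read per sample
const DEFAULT_FILE_SIZE = 1 << 30;        // assumption: ~1 GiB, the order the text cites

// Browser side (Web Worker only): create a large OPFS file and return a
// synchronous reader. Assumption: the file has to be much larger than what the
// OS keeps in its page cache, otherwise random reads are served from RAM and
// never touch the SSD. Filled with random bytes so a compressing or
// deduplicating controller cannot short-circuit the reads (assumption).
async function openOpfsReader(name = 'frost-demo.bin', size = DEFAULT_FILE_SIZE) {
  const root = await navigator.storage.getDirectory();
  const fileHandle = await root.getFileHandle(name, { create: true });
  const handle = await fileHandle.createSyncAccessHandle();
  if (handle.getSize() < size) {
    const chunk = new Uint8Array(65536);  // crypto.getRandomValues caps at 64 KiB per call
    for (let off = 0; off < size; off += chunk.length) {
      crypto.getRandomValues(chunk);
      handle.write(chunk, { at: off });
    }
    handle.flush();
  }
  const buf = new Uint8Array(BLOCK);
  return {
    size,
    read(offset) { handle.read(buf, { at: offset }); },
    now: () => performance.now(),         // browsers coarsen this timer; resolution varies
    close() { handle.close(); },
  };
}

// Collect `n` timed random reads. Returns per-read latency in microseconds.
function collectTrace(reader, n, rand = Math.random) {
  const blocks = Math.floor(reader.size / BLOCK);
  const trace = new Float64Array(n);
  for (let i = 0; i < n; i++) {
    const offset = Math.floor(rand() * blocks) * BLOCK;
    const t0 = reader.now();
    reader.read(offset);
    trace[i] = (reader.now() - t0) * 1000;
  }
  return trace;
}

function median(values) {
  const s = Array.from(values).sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
}

// Split the trace into fixed windows and flag those whose median latency is
// `factor` times the trace-wide baseline. This is a crude stand-in for the
// feature extraction a trained classifier would consume, not the paper's CNN.
function contentionWindows(trace, windowSize, factor = 2) {
  const baseline = median(trace);
  const windows = [];
  for (let start = 0; start + windowSize <= trace.length; start += windowSize) {
    const m = median(trace.subarray(start, start + windowSize));
    windows.push({ start, median: m, contended: m > baseline * factor });
  }
  return windows;
}

// Constructed offline stand-in for the OPFS reader (invented numbers): idle
// reads cost ~80 µs, reads overlapping a busy "foreground" interval ~400 µs.
function simulatedReader(busy = (i) => i >= 300 && i < 500) {
  let i = 0;
  let clock = 0;                          // fake clock, in milliseconds
  return {
    size: DEFAULT_FILE_SIZE,
    read() { clock += busy(i++) ? 0.4 : 0.08; },
    now: () => clock,
  };
}

// Offline run: 1000 samples, 50-sample windows; the busy interval shows up as
// four contended windows starting at samples 300, 350, 400 and 450.
function demo() {
  return contentionWindows(collectTrace(simulatedReader(), 1000), 50);
}
```

In a browser, `demo()` would be replaced by `collectTrace(await openOpfsReader(), n)` inside a worker; note that allocating a gigabyte of OPFS storage is subject to the browser’s quota, which is exactly the footprint the next section calls out.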
The Hardware Constraint
Despite the sophistication of the AI analysis, FROST has a significant practical hurdle: it requires a massive footprint. To generate an accurate enough signal, the attacker must create an OPFS file that is likely a gigabyte or larger. In a real-world scenario, a website suddenly claiming a gigabyte of disk space would likely trigger alerts or be noticed by the user, making large-scale, stealthy deployment difficult.
Furthermore, the attack only works if the malicious OPFS file is stored on the same physical SSD as the target application. If a user separates their OS and apps onto different drives, the contention signal disappears.
Platform Reach and Mitigation
The research team demonstrated the full attack on an M2 Mac, proving that modern Apple Silicon environments are susceptible. While the full classification wasn’t executed on Linux, the researchers confirmed that the underlying mechanism—measuring SSD access latency via JavaScript—works identically on Linux systems. Hannes Weissteiner, a co-author of the study, noted in an email that the primitive performance is similar across platforms, suggesting that the attack could be adapted for almost any system activity that generates reliable SSD access.
For now, there is no evidence that FROST has been used in the wild. However, the discovery highlights the expanding attack surface of the modern browser. As browsers evolve from document viewers into full-scale operating environments capable of running IDEs and video editors, they inadvertently open doors to hardware-level leaks.
The researchers suggest that browser vendors could mitigate this by limiting the maximum size of files allowed in the OPFS or introducing ‘jitter’ into the timing of I/O operations to mask the contention signal. For the average user, the most immediate defense remains basic digital hygiene: closing unnecessary tabs and monitoring disk usage for unexpected spikes from untrusted sites.
The full findings are scheduled for presentation at the DIMVA conference in July.