New FROST Attack Exploits SSD Timing to Track User Activity Across macOS and Linux
AI-generated from multiple sources. Verify before acting on this reporting.
VIENNA — A new cybersecurity vulnerability dubbed FROST enables malicious websites to monitor which applications and other sites a user accesses by measuring solid-state drive timing through JavaScript and the Origin Private File System. Researchers at Graz University of Technology disclosed the attack on Monday, demonstrating a method that operates without requiring native code or special permissions.
The technique exploits the way modern operating systems handle file system operations. By leveraging the Origin Private File System, a standard web technology designed to store data locally, the attack measures the time it takes for the system to access specific files. Variations in access speed reveal whether a user has recently opened a particular application or website, effectively creating a digital fingerprint of user activity.
The vulnerability affects macOS and Linux systems. The researchers stated that the attack vector functions within standard web browsers, allowing a compromised website to silently execute the tracking code. Unlike previous fingerprinting methods that rely on browser configuration or hardware identifiers, FROST targets the underlying storage hardware's performance characteristics.
The disclosure highlights a growing concern regarding cross-browser privacy leaks. The attack does not require the user to install additional software or grant elevated permissions. Instead, it utilizes standard web APIs available to any website loaded in the browser. The timing measurements are precise enough to distinguish between different applications, potentially exposing sensitive information about a user's digital habits.
Security experts note that the reliance on SSD timing creates a new remote attack vector that is difficult to mitigate through traditional browser sandboxing. The Origin Private File System, intended to improve web application performance by providing a secure storage area, inadvertently provides the mechanism for this side-channel attack. The researchers demonstrated that the technique works across different browser environments, suggesting that the vulnerability is inherent to the operating system's file handling rather than a specific browser flaw.
No major software vendors have issued patches as of Monday. The researchers are working with browser developers and operating system maintainers to address the issue. The disclosure comes amid broader efforts to strengthen web privacy standards against increasingly sophisticated tracking methods. The FROST attack represents a shift in how adversaries can extract information from user devices, moving beyond cookies and browser fingerprints to hardware-level interactions.
The full extent of the vulnerability's impact on enterprise environments remains unclear. Questions persist regarding whether existing browser security features can be updated to block the timing measurements without breaking legitimate web applications. As the research team continues to refine its findings, the cybersecurity community faces the challenge of balancing performance optimization with privacy protection in modern computing environments.