www.it-connect.fr
Your SSD Is Betraying You: FROST, the New Web Tracking Method
FROST is the name of a new and frightening technique that measures tiny slowdowns in your SSD to accurately infer which other websites and applications you are using on your machine. A tracking method that is as unprecedented as it is experimental.
How does the FROST attack work?
The FROST attack (one of whose designers is Daniel Gruss) turns your SSD into a spy device. This tracking technique, or attack if you will, relies on JavaScript code executed invisibly when a web page is visited. The user does not need to interact with the page; simply opening it is enough to execute the JavaScript code in question.
"In this article, we present FROST, a JavaScript side-channel attack that exploits the OPFS to disclose sensitive information from the browser without requiring any user interaction, on both Linux and macOS.", explains the paper published by the researchers.
OPFS, short for Origin Private File System, is a mechanism built into web browsers that makes it possible to interact with the machine's disk within a sandboxed environment.
In the context of the FROST attack, this file is directly targeted by the JavaScript code. By continuously and extremely precisely monitoring the contents of this file, it becomes possible to determine the activity on the machine.
These variations and micro-slowdowns caused by the activity of applications and websites make it possible to create a set of fingerprints. More specifically, it is access conflicts that are monitored and that cause these tiny slowdowns.
A neural network to detect the signatures
As a human, it is impossible to perform this analysis with such precision, but the researchers were able to do it thanks to a convolutional neural network.
"For our FROST website fingerprinting attack, we first generate training data for our CNN model. We collect traces while visiting the top 50 websites in the Alexa Top Million ranking, generating 100 traces per website, which results in a labeled dataset of 5,000 traces.", we can read.
This training is the key to making the FROST technique accurate and to associating a signature with each application and website. And in practice, it works pretty well!
The tests presented by the researchers produced the following results: the FROST technique makes it possible to find the correct website in nearly 9 out of 10 cases. It does even better with applications, where accuracy rises to more than 95% for recognizing the application opened by the user.
It should be noted that the tests were carried out on a Mac M2. For a reason I do not know, the FROST technique was not tested on Windows. Yet OPFS is also used by web browsers on Windows.
This technique, while impressive, is experimental. It seems difficult to imagine using such a technique for large-scale tracking on the web. This is all the more true since the OPFS file must be at least 1 GB to be usable, so it would quickly become noticeable if the technique were to be exploited on a massive scale.
