Your SSD Is Spying on You: FROST, the New Web Tracking Method
FROST is the name of a new and frightening technique that measures the tiny slowdowns of your SSD to accurately infer which other websites and applications you use on your machine. It is a tracking method that is as novel as it is experimental.
How does the FROST attack work?
The FROST attack (one of whose designers is Daniel Gruss) turns your SSD into a spy tool. This tracking technique, or attack, if you will, relies on JavaScript code executed invisibly when a web page is viewed. The user does not need to interact with the page; simply opening it is enough to execute the JavaScript code in question.
"In this paper, we present FROST, a JavaScript side-channel attack that exploits OPFS to disclose sensitive information from the browser without requiring any user interaction, on both Linux and macOS," explains the paper published by the researchers.
OPFS, for Origin Private File System, is a mechanism built into web browsers that allows interaction with the machine's disk within a sandboxed environment.
In the FROST attack, the JavaScript code directly targets a file stored in OPFS. By monitoring this file continuously and with very high precision, it becomes possible to determine what the machine is doing.
These variations and micro-slowdowns caused by application and website activity make it possible to build a set of fingerprints. More specifically, it is access contention that is monitored and that triggers these tiny slowdowns.

A neural network to detect signatures
A human could not perform this analysis with such precision, but the researchers were able to do it thanks to a convolutional neural network.
"For our FROST website fingerprinting attack, we first generate training data for our CNN model. We collect traces while visiting the top 50 websites from the Alexa Top Million ranking, generating 100 traces per website, which yields a labeled dataset of 5,000 traces," the paper reads.
This training is the key to making the FROST technique accurate and to associating a signature with each application and website. And in practice, it works quite well!
The tests presented by the researchers show the following results: the FROST technique makes it possible to identify the correct website in nearly 9 out of 10 cases. It performs even better with applications, where accuracy rises to more than 95% for recognizing the application opened by the user.
It should be noted that the tests were carried out on an M2 Mac. For reasons I do not know, the FROST technique was not tested on Windows. Yet OPFS is also used by web browsers on Windows.
This technique, while impressive, is experimental. It seems difficult to imagine using such a method for large-scale tracking on the web, all the more so because the OPFS file must be at least 1 GB to be exploitable, so it would quickly become noticeable if the technique were to be used massively.
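The two traits described above, a file of at least 1 GB and continuous monitoring of it, are what a defender can look for. The following is an added example, not code from the article or from the FROST paper: a heuristic that flags origins showing both traits in per-origin OPFS telemetry. The event format, the origin names, and the read-rate and duration thresholds are assumptions; only the 1 GB figure comes from the text.

```javascript
// Added example. Event shape is hypothetical, not a real browser API:
//   { origin, op: "write" | "read", bytes, t }   (t in milliseconds)
const MIN_FILE_BYTES = 1e9;     // article: the OPFS file must be at least 1 GB
const MIN_READS_PER_SEC = 100;  // assumed cut-off for "continuous" monitoring
const MIN_DURATION_MS = 5000;   // assumed minimum length of a sustained run

function flagSuspectOrigins(events) {
  const stats = new Map();
  for (const e of events) {
    if (!stats.has(e.origin)) {
      stats.set(e.origin, { written: 0, reads: 0, first: null, last: null });
    }
    const s = stats.get(e.origin);
    if (e.op === "write") s.written += e.bytes;
    if (e.op === "read") {
      s.reads += 1;
      if (s.first === null) s.first = e.t;
      s.last = e.t;
    }
  }
  const flagged = [];
  for (const [origin, s] of stats) {
    const durationMs = s.reads > 1 ? s.last - s.first : 0;
    const readsPerSec = durationMs > 0 ? Math.round((s.reads / durationMs) * 1000) : 0;
    const bigFile = s.written >= MIN_FILE_BYTES;
    const sustained = durationMs >= MIN_DURATION_MS && readsPerSec >= MIN_READS_PER_SEC;
    if (bigFile && sustained) flagged.push({ origin, written: s.written, readsPerSec });
  }
  return flagged;
}

// Constructed sample telemetry for three made-up origins.
function buildSample() {
  const ev = [];
  const add = (origin, fileBytes, reads, stepMs) => {
    ev.push({ origin, op: "write", bytes: fileBytes, t: 0 });
    for (let i = 0; i < reads; i++) {
      ev.push({ origin, op: "read", bytes: 4096, t: 1000 + i * stepMs });
    }
  };
  add("https://tracker.example", 1e9, 1200, 5);  // big file, read every 5 ms
  add("https://editor.example", 2e9, 10, 1000);  // big file, occasional reads
  add("https://notes.example", 5e6, 1200, 5);    // frequent reads, small file
  return ev;
}

console.log(flagSuspectOrigins(buildSample()));
```

Only the first origin is flagged: the second has a large file but few reads, and the third reads often but from a file far below the size the article gives.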

