Researchers at Graz University of Technology have discovered FROST, a new attack vector that allows malicious websites to track users' browsing activity and application usage through JavaScript-based SSD timing analysis. The attack requires no special permissions, native code, or browser extensions, operating silently in the background by monitoring storage drive contention patterns.
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the drive for contention in the background. Researchers at Graz University of Technology built it and
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
