Understanding FROST: A New Method of Tracking Online Activity
In the ever-evolving landscape of online privacy, new technologies continually emerge that may compromise user security. A recent study has introduced FROST, a method through which attackers can monitor visitors’ online activity by analyzing the input/output (I/O) operations of solid-state drives (SSDs). This method represents a significant advancement in web tracking techniques.
How FROST Works
The technique utilized in FROST leverages the capability of JavaScript to measure I/O interactions. Each file system is sandboxed, meaning it operates independently of other websites and the device’s underlying system. By conducting random reads from a large Origin Private File System (OPFS) file, attackers can analyze latency differences caused by user activity. These differences can reveal a variety of apps and websites that users have open on their devices.
As explained by the researchers, “The attacker continuously measures SSD contention by performing random reads from a large OPFS file.” The contention caused by simultaneous access to the SSD results in measurable latency variations, which, in turn, can be utilized to fingerprint user activities. By feeding these latency traces into a pretrained convolutional neural network (CNN), an attacker’s ability to classify user behavior expands significantly.
Limitations of the FROST Technique
Despite its potential for misuse, FROST does come with specific limitations. For instance, the OPFS file must be considerably large—potentially a gigabyte or more—which could raise red flags among users. Moreover, the file must reside on the same SSD that the visitor is currently using. While this stipulation doesn’t usually pose a challenge for monitoring open websites, it can inhibit detection of apps utilizing different SSD drives.
To safeguard against FROST attacks, users are advised to close tabs that are no longer needed. More tech-savvy individuals can monitor the creation and size of OPFS files set up by unfamiliar websites. Researchers also suggest that browser developers implement features to mitigate this risk, one of which is restricting the maximum allowable size of these files.
Research Insights and Future Implications
The effectiveness of the FROST attack was thoroughly tested on an M2 Mac, while researchers demonstrated the underlying principles of this method on Linux systems. Hannes Weissteiner, one of the co-authors, shared an insight: “Since the performance of the primitive is similar between macOS and Linux, we expect similar performance for the full classification.” The methods have not yet been assessed on Windows systems, leaving a gap in understanding the potential for cross-platform implications.
As this research is set to be presented at the DIMVA conference in July, it underscores the necessity for ongoing vigilance in online security, alerting users and developers alike to the potential risks associated with new tracking techniques.
You can read more about the study and its technical specifics Here.
Image Credit: arstechnica.com
