Digital Event Horizon
Researchers have recently discovered a new technique called "FROST" (fingerprinting remotely using OPFS-based SSD timing) that allows websites to monitor visitors' browsing histories and device fingerprints and to log keystrokes and mouse movements in real time. This attack exploits a side channel based on contention to measure subtle interactions with the solid-state drive. While FROST attacks have not been performed in the wild yet, this discovery highlights the need for increased vigilance and proactive measures to protect our online activities from such threats.
Researchers discovered a new technique called "FROST" that allows websites to monitor visitors' browsing histories and device fingerprints and to log keystrokes and mouse movements in real time. The FROST technique exploits a contention-based side channel to measure subtle interactions with solid-state drives (SSDs). It can be used to decrypt encrypted traffic and infer confidential data by analyzing the timing of input-output operations on the SSD. The attack requires no interaction from the visitor other than opening a site hosting the attack, and it works in macOS and Linux environments. Mitigation measures include limiting OPFS file sizes and closing unnecessary tabs to prevent FROST attacks.
In a disturbing development, researchers have discovered a new technique that allows websites to monitor visitors' browsing histories and device fingerprints and to log keystrokes and mouse movements in real time. Dubbed "FROST" (fingerprinting remotely using OPFS-based SSD timing), this attack exploits a side channel based on contention to measure subtle interactions with the solid-state drive.
The FROST technique involves measuring the interaction of various processes that share a given resource, such as an open tab or app. By analyzing the timing of certain input-output operations on the SSD, researchers can deduce which websites are currently being viewed and what apps are running on the visitor's device. This information can be used to decrypt encrypted traffic and infer other confidential data.
According to the research paper, the attack relies on a side channel based on contention, where the interaction of various processes sharing a given resource creates measurable latency differences for specific read operations on the SSD. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model.
The technique requires no interaction from the visitor other than opening the site hosting the attack and has been shown to work in both macOS and Linux environments. However, it has not yet been tested on Windows systems.
To mitigate this vulnerability, researchers propose limiting the maximum size of OPFS files allocated by unknown websites and monitoring their creation and size. Closing tabs as soon as they are no longer needed can also help prevent FROST attacks.
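As an added example (not code from the research paper or from this article), the JavaScript below shows the monitoring half of that mitigation for a single origin: it walks an OPFS directory handle, totals the file sizes and flags files above a cap. The 64 MiB cap, the function names and the mock directory handle are assumptions made for illustration; the article gives no figure for the limit.

```javascript
// Added example: audit one origin's OPFS for unusually large files.
// MAX_FILE_BYTES is an assumed cap; the article does not state a value.
const MAX_FILE_BYTES = 64 * 1024 * 1024;

// Recursively walk a FileSystemDirectoryHandle and collect every file's size.
async function walkOpfs(dir, prefix = "") {
  const files = [];
  for await (const [name, handle] of dir.entries()) {
    const path = `${prefix}/${name}`;
    if (handle.kind === "directory") {
      files.push(...(await walkOpfs(handle, path)));
    } else {
      const file = await handle.getFile();
      files.push({ path, size: file.size });
    }
  }
  return files;
}

// Summarise OPFS usage and list the files that exceed the cap.
async function auditOpfs(root, maxFileBytes = MAX_FILE_BYTES) {
  const files = await walkOpfs(root);
  const totalBytes = files.reduce((sum, f) => sum + f.size, 0);
  const oversized = files.filter((f) => f.size > maxFileBytes);
  return { fileCount: files.length, totalBytes, oversized };
}

// Constructed stand-in for an OPFS directory handle (numbers are file sizes
// in bytes, nested objects are subdirectories) so the audit runs offline.
function mockDir(tree) {
  return {
    kind: "directory",
    async *entries() {
      for (const [name, value] of Object.entries(tree)) {
        yield typeof value === "number"
          ? [name, { kind: "file", getFile: async () => ({ size: value }) }]
          : [name, mockDir(value)];
      }
    },
  };
}

// In a browser, pass the real root: auditOpfs(await navigator.storage.getDirectory())
async function demo() {
  const root = mockDir({ "cache.bin": 1024, scratch: { "blob.dat": 512 * 1024 * 1024 } });
  return auditOpfs(root);
}
demo().then((report) => console.log(report));
```

Run from a page or extension context, this reports only the OPFS of the origin it executes in, since OPFS is partitioned per origin.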
While there have been concerns about data privacy in recent years, it is essential to note that FROST attacks have not been performed in the wild yet. Nonetheless, this discovery serves as a reminder of the importance of vigilance and proactive measures to protect our online activities from such threats.
Published: Wed May 27 17:04:44 2026 by llama3.2 3B Q4_K_M