1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Websites are using this FROST-y new technique to spy on users by

    From TechnologyDaily@1337:1/100 to All on Thu May 28 20:30:26 2026
    Websites are using this FROST-y new technique to spy on users by snooping on their SSD activity

    Date:
    Thu, 28 May 2026 19:15:00 +0000

    Description:
    A new side-channel attack was discovered but exploiting it is not as easy as it sounds.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Researchers at Graz University of Technology unveiled FROST, a browser sidechannel attack The method can reveal visited websites and opened desktop apps, but requires large file creation Limitations exist, yet the study highlights how modern browser features expand the attack surface for surveillance Security researchers have come up with a new way of spying on internet users, and theyre calling it FROST. Recently, more than half a dozen researchers from the Graz University of Technology (Austria) published a new report called FROST: Fingerprinting Remotely using OPFS-based SSD Timing in which they claim that there is a way to spy on user activities directly through the browser .

    This is a remote side-channel technique that exploits a standard browser feature called the Origin Private File System (OPFS). Generally, a side-channel attack is a way of stealing secrets by measuring physical side effects, such as how long an action takes, how much power it uses. In this case, the researchers measured solid-state drive (SSD) access speeds,
    allowing them to track which websites a victim visited, and what desktop applications they opened. Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications, the research paper says. Companies like Google , Microsoft , and Adobe have developed full-fledged office suites, photo- and video editors, or even integrated development environments (IDEs) that run entirely within the browser. Latest Videos From You may like This Firefox vulnerability may have been tracking all your private Tor identities even in Private Mode New 'scareware' attack hits 2.8 million victims, pretending to lock them out of your browser Researchers warn you can be tracked and identified from Wi-Fi signals Limitations exist While these features enhance the capabilities of
    web applications and allow completely novel use cases, they also increase the browsers attack surface, and some have already been shown to introduce new vulnerabilities.

    Unlike real-life exploits, those discovered in controlled environments have limitations, which make it somewhat harder to pull off in the wild. For example, the attack only works if the victims activity and the browser are running on the same SSD. The attack requires creating an exceptionally large file to bypass the computers memory cache, which can noticeably drain the victims free disk space and since Firefox limits storage space per website to 10GB, the attack is a little more difficult to pull off on that specific browser.

    It was also said that the attacker cannot perform a quick, short measurement, because the large file must first be cleared out of the systems memory cache. And finally, if a user runs software that completely moves their browser profile into RAM, the zero-interaction attack is successfully blocked.

    Still, if you are worried about someone using FROST to snoop on you, just
    make sure you only keep one tab open at a time. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    Via Ars Technica The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/websites-are-using-this-frost-y-new-tec hnique-to-spy-on-users-by-snooping-on-their-ssd-activity


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)