While the average user thinks that the “incognito“ mode and blocking cookies make them invisible, digital spies are finding more and more unusual loopholes. Website administrators have long been lurking on us through mouse movements or the rhythm of typing on the keyboard, but a team of Austrian researchers has brought to light a new, startling method of tracking – by eavesdropping on the activity of your hard disk drive (SSD).
The new cyberattack is named FROST (Fingerprinting Remotely using OPFS-based SSD Timing) and is capable of something that was previously considered difficult to do: find out which other sites you have opened in adjacent tabs, which browsers you are using, and even which programs are running on your computer at the same time. The most unpleasant thing? It requires absolutely nothing from your side - the trap snaps the moment you simply load a web page containing the malicious code.
The technology behind this spying is clever and relies on the so-called “page timing analysis“. In simpler terms, the code measures down to the millisecond how quickly the disk drive (SSD) performs data reading and writing tasks. Since each open application or loaded site loads the disk in its own specific way, the operating system slows down in a strictly defined pattern. The collected data about these microscopic delays is sent to a specially trained artificial neural network, which with frightening accuracy recognizes exactly what you are doing on your computer at the moment.
Unlike older similar hacking methods, FROST does not require software installation and works entirely in the browser environment using standard JavaScript. It uses the OPFS (Origin Private File System) interface - an isolated virtual storage space that sites are allowed to create automatically without asking the user for permission. Although this space is supposedly "quarantined" from the rest of the computer, the JavaScript code can quite legally detect the response time of the hardware.
The method still has its weaknesses and is not omnipotent. In order for the scheme to work, the website must create a huge OPFS file - at least 1 gigabyte in size, which can easily arouse the suspicion of more vigilant users due to a sudden glut of disk space. Moreover, the trick only works if the browser and the spyware are on the same, primary SSD drive. If you have distributed your software on different hardware, hackers are left with their hands tied.
So far, the method has been successfully tested and proven on the Apple macOS and Linux operating systems, while Windows users have not yet been subjected to the experiment. The good news is that for now, FROST is more of a theoretical development in laboratory conditions than a real weapon in the hands of cybercriminals. Still, the best shield against such digital eyes and ears remains the golden hygiene practice - close the tabs you are not using and do not linger in questionable corners of the web.