Researchers at Graz University of Technology have demonstrated a novel side-channel attack dubbed FROST that can fingerprint a user's browsing history and application activity by measuring timing variations in solid-state drive (SSD) operations — all from a background browser tab running nothing more than JavaScript.

How FROST Works

The attack exploits shared-resource contention on SSDs. A malicious script leverages the browser's Origin Private File System (OPFS) — a per-origin storage API that provides direct filesystem access — to perform precise SSD timing measurements. When another website is loaded or an application performs disk I/O, the resulting SSD activity creates timing differences that the script can observe. FROST requires no native code execution, no browser extensions, and no permission prompts from the user. A victim simply needs to open a webpage and leave the tab in the background; the embedded JavaScript then passively monitors SSD timing patterns to infer which other websites are being visited or which applications are being launched.

In testing, the researchers achieved an F1 score of 88.95% in identifying visited websites and active applications, demonstrating a high degree of reliability for the technique.

According to The Hacker News, which reported the findings, the attack represents a meaningful escalation in side-channel research because it shifts the attack surface from CPU microarchitectural features — the domain of well-known exploits like Spectre and Meltdown — down to the storage layer, which sits largely outside the scope of existing browser security models.

Why Existing Defenses Fall Short

The research highlights a persistent gap between application-layer security controls and hardware-level information leaks. Standard browser mitigations such as cookie restrictions, site isolation, and reduced timer granularity are largely ineffective against FROST because the attack does not depend on high-resolution JavaScript clocks or cross-origin data sharing. Instead, it reads indirect signals from SSD contention that persist regardless of how the browser partitions web content.

This makes the attack particularly relevant for organizations operating in environments where browsing privacy carries elevated importance — corporate networks handling sensitive data, or regions where surveillance and censorship create strong incentives for monitoring user activity. For the open-source community, FROST underscores a recurring challenge: application-level hardening has diminishing returns when the underlying hardware leaks information across shared subsystems.

Mitigation Challenges and Industry Implications

Defending against FROST is not straightforward. Potential countermeasures — including SSD I/O scheduling changes, timing randomization at the operating system level, and stricter origin isolation within browsers — each carry significant performance trade-offs or require deep, coordinated changes across multiple layers of the technology stack. Browser vendors, operating system developers, and storage hardware manufacturers would all need to collaborate on solutions.

For DevOps practitioners and cloud infrastructure teams, the attack raises questions about threat models that assume physical or kernel-level access is required for hardware-based surveillance. In shared cloud environments, where multiple tenants may coexist on the same physical storage, SSD timing side channels could theoretically enable cross-tenant information leakage — a concern that applies broadly to any multi-tenant infrastructure provider.

What Comes Next

It remains unclear how quickly FROST could be weaponized beyond a research setting, and which mitigation path — browser-level, OS-level, or firmware-level — offers the most practical route to remediation without unacceptable performance degradation. Browser vendors have not yet issued formal responses.

In the interim, security-conscious organizations may wish to consider browser compartmentalization strategies and monitor for advisories from major browser and OS vendors. The broader lesson is that as researchers continue to map the attack surface of shared hardware resources, the security community needs frameworks for reasoning about information leakage at every layer of the stack — not just the ones where defenses have traditionally been built.

