Websites have a new way to spy on visitors: analyzing their SSD activity

While each file system is sandboxed, meaning it is isolated from other websites and device systems, JavaScript can measure I/O interactions. Then, by running those interactions through a pre-trained convolutional neural network – a system that uses deep learning to analyze text, audio and images – the attacker can detect the different apps and websites open on the device.

“The attacker continuously measures SSD contention by performing random reads from a large OPFS file,” the researchers explained. “SSD contention caused by user activity causes measurable latency differences for these read operations. By training a Convolutional Neural Network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model.”

The technique has its limitations. First, the OPFS file must be very large – possibly gigabytes or more. That requirement means that large-scale attacks will inevitably be detected by many users. Additionally, the OPFS file must be stored on the same SSD that the visitor is using. This is usually not a problem when tracking open websites, as the OPFS file is stored in the default location of the browser. If apps run from a separate SSD, FROST cannot detect them.

The best way to prevent FROST attacks is to close tabs as soon as they are no longer needed. More savvy users can monitor the creation and size of OPFS files allocated by unknown websites. The researchers proposed ways for browser manufacturers to shut off the side channel. One such method is to limit the maximum size of files that are allowed. There is no indication that FROST attacks have been carried out in the wild.
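One way to do the monitoring described above, as an added example that is not from the researchers' paper or any browser project: a script that totals OPFS bytes per origin in a browser profile's storage directory and reports unknown origins holding very large files. The directory layout (one folder per origin, with OPFS data in an `fs` subfolder), the 1 GiB threshold and the function names are assumptions; check where your browser actually keeps OPFS data.

```python
import os
import sys
from pathlib import Path

GIB = 1024 ** 3  # assumed threshold; the article only says "gigabytes or more"

def opfs_usage(storage_root, opfs_subdir="fs"):
    """Map each origin folder under storage_root to the bytes in its OPFS subfolder.

    Assumed layout: <storage_root>/<origin>/<opfs_subdir>/... (hypothetical default).
    """
    usage = {}
    for origin in Path(storage_root).iterdir():
        target = origin / opfs_subdir
        if not target.is_dir():
            continue  # origin has no OPFS data (or entry is a plain file)
        total = 0
        for dirpath, _dirs, files in os.walk(target):
            for name in files:
                try:
                    # Apparent size, so sparse files still count in full.
                    total += os.lstat(os.path.join(dirpath, name)).st_size
                except OSError:
                    continue  # file vanished or unreadable during the scan
        usage[origin.name] = total
    return usage

def flag_large(usage, threshold=GIB, known=()):
    """Origins outside `known` at or above `threshold`, largest first."""
    hits = [(o, n) for o, n in usage.items() if n >= threshold and o not in known]
    return sorted(hits, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    # Usage: python opfs_audit.py <storage_root> [known_origin_folder ...]
    root, known = sys.argv[1], set(sys.argv[2:])
    for origin, size in flag_large(opfs_usage(root), known=known):
        print(f"{size / GIB:8.2f} GiB  {origin}")
```

Run it periodically against the profile's storage directory and pass the origin folders you already trust as extra arguments, so only unfamiliar sites are reported.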

The researchers conducted the full FROST attack on an M2 Mac. On Linux, they showed that the built-in primitive (measuring SSD access latency traces from JavaScript) works, but did not run the full attack.

“However, since the performance of the primitive is similar between macOS and Linux, we expect similar performance for full classification,” Hannes Weisteiner, one of the co-authors, wrote in an email. “In theory, it would be possible to train a model on any system activity that reliably generates SSD accesses.”

The researchers did not test Windows.

The paper linked above provides many more technical details. The research is scheduled to be presented at the DIMVA conference in July.


