New Browser Surveillance Method: How Websites Spy on SSD Activity

Cybersecurity researchers have introduced a new attack method named FROST (Filesystem Read Operations Side-channel Timing). It enables websites to monitor users' hard drive activity via standard browser JavaScript, without requiring additional software or extensions.

The method works by measuring timing delays during SSD access. When a browser loads a page, the script captures microscopic fluctuations in disk response time, which occur during data read or write operations. These fluctuations can indicate specific user actions, such as opening files or launching applications.

Experts note that FROST can bypass traditional security mechanisms, including browser sandboxes or tracker blockers. The method operates even in incognito mode and leaves no obvious traces in system logs. While still under investigation, the technology has already raised concerns among data protection professionals.

To mitigate risks, experts recommend using browsers with enhanced process isolation and keeping systems updated. However, fully protecting against such attacks remains challenging at this stage, as they exploit fundamental hardware characteristics.