RSS

Frost: Disk Drive Is the Snitch

daesorin1 pts0 comments

FROST: Your Disk Drive Is The Snitch - Proton

Proton

SubscribeSign in

FROST: Your Disk Drive Is The Snitch

Proton<br>Jun 10, 2026

48

13<br>13

Share

Most of the surveillance stories we’ve looked at here lately have involved things you can at least see when you walk past them: cameras at the gate, sensors on the shelf, a label adjusting a price as you move through space.<br>The latest entry on the list is rather more invisible. Researchers at Graz University of Technology in Austria, along with collaborators at Liebherr-Transportation Systems, have just unveiled a technique called FROST that lets a website work out which other websites and apps you have open, without you clicking a single thing.<br>You visit a page. That’s it. No popup, no permission prompt, no extension required. The page does its sniffing in the background while you read whatever you came for.<br>FROST stands for Fingerprinting Remotely using OPFS-based SSD Timing , and yes, it is exactly as dystopian as the acronym makes it sound.<br>What’s Happening Under The Hood

FROST is a contention side-channel attack . The general idea is straightforward: when several processes are all trying to use the same resource (your SSD, in this case) they slow each other down in small but measurable ways. If you can watch how long your own reads take, you can work backwards from the latency pattern to what everyone else on the system is doing.<br>Doing this on a stranger’s machine, from inside a browser sandbox, is the impressive bit. The researchers pull it off by exploiting a browser feature called the Origin Private File System (OPFS). OPFS is a relatively new API supported by Chrome, Firefox, and Safari that lets websites quietly create and read files on your local disk without ever asking you for permission. It exists for entirely legitimate reasons: in-browser IDEs, video editors, and productivity apps that need to cache real working files, but it hands the page direct, low-friction access to the physical drive.<br>The FROST attack works roughly like this. A malicious page:<br>Creates a huge OPFS file on your SSD, large enough to overflow the operating system’s memory cache, which is well within reach since Chrome and Safari will let a single origin claim up to 60% of your disk space without raising a flag (over 150GB on a 256GB drive).

Performs continuous random 4KB reads against that file, timing each one with high precision.

Whenever you open another website or fire up another application elsewhere on the machine, that activity creates SSD contention that shows up as latency spikes in the attacker’s read measurements.

A trained convolutional neural network turns those traces into educated guesses about what you’re doing.

On a test Mac, the researchers correctly identified visited websites with an F1 score of around 89% and running applications with around 96%. The covert-channel throughput is roughly 662 bits per second on Linux and 892 bits per second on macOS. That is not headline-grabbing bandwidth, but it is plenty for guessing tabs and apps. It works across different browsers on the same machine. It needs no native code, no kernel access, and no installed software, just a tab you happened to leave open.<br>The Vendors Said Roughly Nothing

The researchers responsibly disclosed FROST to Google, Apple, and Mozilla before publishing. The responses are worth reading carefully:<br>Google said it does not consider browser fingerprinting to be a security vulnerability.

Apple described the attack as “currently out of scope,” with possible mitigations in the future.

Mozilla acknowledged the findings but has not implemented any fix.

In other words, the three companies that ship some of the world’s most-used browsers have collectively said “ok, not my concern”.<br>Fingerprinting is treated as a known cost of doing business on the modern web, and a side channel that leaks tab and application data through a storage API is, apparently, not a fire worth putting out.<br>The paper is scheduled to be presented at the DIMVA conference in July 2026. So far, FROST has not been observed in the wild, which is the only genuinely reassuring sentence in this post.<br>What You Can Actually Do

This is a research demonstration, not a vulnerability advisory, and pulling FROST off in a real attack still requires a fair amount of engineering on the attacker’s side. Even so, given the vendor reaction, it is worth taking the usual precautions a little more seriously:<br>Close tabs you aren’t using. This is the simplest and most effective control. FROST needs its tab to be open and running in order to attack, and it can only fingerprint what is currently active. A browser with thirty open tabs is a browser leaking thirty data points.

Be wary of long-lived background tabs. The attack needs the malicious page to keep ticking over. Anything you stopped paying attention to last Tuesday is exactly the kind of tab that could quietly host this.

If you are technical, keep an eye on OPFS usage. Both Chrome and...

frost attack browser disk drive open

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.