New Vulnerability Allows Websites to Track Users via SSD

Austrian cybersecurity experts have identified a new method of tracking users. This technique, called FROST (Fingerprinting Remotely using OPFS-based SSD Timing), allows websites to gather information about computer activity via solid-state drives (SSDs). The most dangerous aspect is that no malware installation or clicking on suspicious links is required to carry out the attack — simply visiting a specific site is enough. Ixbt.com reports on this. reports .

The attack mechanism relies on the performance characteristics of SSD devices and the browser's temporary data storage system. When a site is opened, it creates a multi-gigabyte file, forcing the disk to work actively. While the SSD is busy with this file, the site measures delays in data access. These timing indicators depend on other processes occurring on the disk.

Researchers analyzed these delays using a Machine Learning model. As a result, they managed to determine which sites the user is visiting with 88.95% accuracy and which applications are being used with 95.83% accuracy. The attack is independent of the browser type: for example, a site opened in Google Chrome can track activity in Mozilla Firefox or other programs.

Although experiments were conducted on Linux and macOS systems, experts emphasize that this method is also dangerous for Windows users. According to study author Hannes Weissteiner, the model can be trained to recognize any activity that regularly accesses the SSD. This means the scope of surveillance is much broader than just simple websites.

Unlike traditional cookies or tracking pixels, FROST exploits the physical characteristics of the device, making it much harder to detect and block. There is currently no ready-made solution to this problem. Experts believe that eliminating the vulnerability requires significant changes to the data storage mechanisms of browsers and web technologies.