While each file system is isolated from other websites and the device system, JavaScript can measure I/O interactions. Then, by carrying out these interactions in a pre-designed way convolutional neural network— a system that uses deep learning to analyze text, audio and images — can extract the various apps and websites open on an attacker’s device.
“The attacker continuously measures SSD contention by performing random reads from a large OPFS file,” the researchers said. “SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, an attacker can learn fingerprint user activity on the host system by classifying new traces using the trained model.”
The technique has its limitations. First, the OPFS file must be quite large—probably a gigabyte or more. This requirement means that attacks at scale will inevitably be detected by many users. Additionally, the OPFS file must be stored on the same SSD used by the visitor. Since the OPFS file is stored in the browser’s default location, this usually isn’t a problem for browsing open websites. When applications use a separate SSD drive for applications, those applications cannot be detected by FROST.
One of the best ways to prevent FROST attacks is to close tabs as soon as they are no longer needed. More savvy users can control the creation and size of OPFS files shared by unknown websites. Researchers have suggested ways for browser manufacturers to block the side channel. One such method is to limit the maximum size of allowed files. There is no indication that FROST attacks have been carried out in the wild.
The researchers ran the full Frost attack on an M2 Mac. On Linux, they showed that the basic primitive (measuring access latency traces from JavaScript to SSD) worked, but did not perform the full attack.
“However, since the performance of the primitive is similar between macOS and Linux, we expect similar performance for full classification,” co-author Hannes Weissteiner wrote in an email. “In principle, it would be possible to develop a model of any system activity that reliably generates SSD accesses.”
The researchers did not test Windows.
The document linked above provides more technical details. The presentation of the study is planned DIMVA conference in July.
