Key Points
- FROST uses JavaScript to measure SSD I/O timing, creating a side channel that leaks information about what other tabs and apps are doing.
- No user interaction needed — just opening the malicious site triggers the spying.
- The attack works across different browsers and can detect what other websites are open.
- Researchers exploited the Origin Private File System (OPFS), sandboxed storage that websites can create without asking permission.
- This is the first browser-only SSD contention side-channel attack — previous ones required installed software.

Why It Matters
This is crazy because your SSD is basically tattling on you without permission. Websites don't need to ask for access to your files — they just create a tiny sandboxed storage space and measure how fast your drive responds. That timing reveals what other tabs and apps are doing. It's like having a nosy neighbor who can hear which TV channels you're watching through the wall. And since it works across different browsers, there's no easy escape — even if you switch to Chrome, Firefox, or Edge, your SSD is still blabbing your secrets.






