New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
EXECUTIVE SUMMARY
FROST Attack Exploits SSD Timing to Track User Activity
Summary
A new attack method named FROST allows malicious websites to track which sites and apps users open by exploiting SSD timing via JavaScript. This attack does not require any native code, extensions, or permission prompts, making it a stealthy threat.
Key Points
- The FROST attack uses JavaScript to monitor SSD timing and, from that, determine user activity.
- It requires no additional permissions or extensions to execute.
- Users are vulnerable simply by opening a malicious webpage and leaving the tab open.
- The attack was developed by researchers at Graz University of Technology.
Analysis
The FROST attack is a significant privacy threat because it can covertly monitor user activity without any explicit permissions or installations. It demonstrates a novel way of exploiting a hardware characteristic, specifically SSD timing, to breach user privacy. Because it uses only JavaScript, which is widely used across the web, its potential reach and impact are greater.
Conclusion
IT professionals should be aware of the FROST attack and consider implementing additional security measures such as monitoring for unusual SSD activity and educating users about the risks of leaving tabs open on untrusted websites.