Websites can now spy on your system activity by analyzing SSD latency patterns through a side-channel attack known as FROST. This technique operates entirely within the browser using JavaScript and the Origin Private File System (OPFS), an API that allows websites to manage high-performance storage. By measuring the input and output speeds of the storage drive, a convolutional neural network can accurately deduce which other browser tabs are open, which browser you are using, and even which specific apps are running on your computer.
The attack is particularly dangerous because it requires no user interaction and bypasses traditional security permissions. To mitigate the risk of storage-based tracking, security experts recommend several practical steps:
- Close unnecessary tabs to reduce the measurable I/O noise available to malicious sites.
- Monitor the creation and size of OPFS files allocated by unfamiliar domains.
- Stay alert for unusual performance dips that could indicate a site is running heavy storage-based diagnostics.
Because the FROST method relies on legitimate browser storage endpoints, it remains a difficult threat for standard antivirus software to detect, making proactive tab management your best line of defense.
