FROST SSD Timing Attack Signals Escalation in Passive Web Surveillance

The FROST technique from Graz University of Technology transforms the Origin Private File System into a hardware oracle, allowing any origin to fingerprint concurrent disk activity without permissions or native execution. While The Hacker News coverage accurately describes the OPFS abuse and 88%+ F1 accuracy against top sites, it underplays the shift from prior local-only attacks like Secret Spilling Drive to fully remote operation. This builds directly on the lab's SnailLoad work, where network latency alone sufficed for inference, now augmented by storage contention measurable via sharpened performance.now() under cross-origin isolation. Mainstream reporting overlooks integration risks with existing fingerprinting stacks documented in papers such as 'Browser Fingerprinting: A survey' (IEEE TDSC, 2023) and the 2024 OPFS specification updates, enabling persistent cross-session tracking even behind VPNs. In intelligence contexts, state actors could embed FROST in watering-hole sites to map target application usage and exfiltrate via the demonstrated 700 bit/s covert channel, bypassing air-gapped assumptions on single-drive systems. Defenses remain stalled as vendors classify it outside security scope, exposing a systemic blind spot in browser sandbox design amid rising hardware side-channel adoption.