graphwiz.ai

The FROST Attack: SSD Timing Side-Channels Through a Graph Lens

A website you visit can now determine what other sites you have open – just by measuring how fast your SSD responds. No installation, no special permissions, just standard JavaScript. This is the essence of FROST (Fingerprinting Remotely using OPFS-based SSD Timing), a novel side-channel attack unveiled by researchers at Graz University of Technology at DIMVA 2026. FROST transforms subtle hardware timing variations into a powerful tool for behavioural graph reconstruction, redefining the landscape of browser privacy and security.

How FROST Works: Exploiting OPFS for Covert Timing

At its core, FROST leverages the Origin Private File System (OPFS) API, a relatively new W3C standard designed to give web applications a high-performance, private file system within the browser sandbox. While OPFS offers significant benefits for client-side storage, the Graz researchers identified a critical side-effect: its direct interaction with the underlying solid-state drive (SSD) exposes timing variations that can be measured with high precision.

The attack unfolds in several steps:

  1. OPFS File Operations: A malicious script within a web page uses the OPFS API to repeatedly create, write to, and read from small files. These operations are carefully crafted to generate I/O requests that directly hit the physical SSD.
  2. Timing Measurement: The script precisely measures the time taken for these OPFS file operations to complete.
  3. Contention Inference: When multiple applications or browser tabs simultaneously access the SSD, they create contention. This contention manifests as measurable delays in the OPFS file operations. By observing these delays, the attacker can infer when other I/O-heavy activities are occurring on the system.
  4. Fingerprinting: Each website or application exhibits a unique I/O access pattern. By correlating the observed SSD contention timings with known patterns, the attacker can fingerprint other running applications or active browser tabs.

A key innovation enabling FROST is its ability to bypass the operating system's page cache. Modern OSes aggressively cache disk I/O to improve performance, which would typically obscure the direct SSD timing variations needed for a side-channel attack. FROST circumvents this by performing specific, rapid I/O sequences that force cache misses, ensuring that measurements reflect actual SSD response times. This allows for remarkably fast and accurate measurements from within the browser's JavaScript sandbox, without requiring any native code execution or elevated permissions.

The effectiveness of this covert channel is striking. Researchers demonstrated a covert channel capacity of 661.63 bit/s on Linux systems and an even higher 891.77 bit/s on macOS, showcasing its potential for exfiltrating significant amounts of information.

Here is a conceptual JavaScript snippet demonstrating the core timing measurement idea:

async function measureOpfsWriteTime(fileName, dataSize = 4096) {
  const root = await navigator.storage.getDirectory();
  const fileHandle = await root.getFileHandle(fileName, { create: true });
  const writable = await fileHandle.createWritable();

  const data = new Uint8Array(dataSize).fill(0xAA); // Example data
  const startTime = performance.now();
  await writable.write(data);
  await writable.close();
  const endTime = performance.now();

  // Clean up
  await root.removeEntry(fileName);

  return endTime - startTime; // Time in milliseconds
}

// Example usage:
// (async () => {
//   const writeTime = await measureOpfsWriteTime('temp_file_123.bin');
//   console.log(`OPFS write took: ${writeTime.toFixed(2)} ms`);
// })();

Performance and Accuracy

The practical implications of FROST are considerable. The attack demonstrates high accuracy in fingerprinting user activity:

  • Website Fingerprinting: FROST achieved an F1 score of 88.95% for identifying the top-50 most visited websites based on their unique SSD access signatures. This means a malicious site could reliably infer which other popular sites a user has open.
  • Application Fingerprinting: On macOS, the attack reached an impressive F1 score of 95.83% for fingerprinting desktop applications. Imagine visiting a benign-looking webpage that subtly detects if you are running specific productivity software, development tools, or even sensitive applications.

The Graph Angle: Reconstructing Behavioural Patterns

Where FROST truly innovates is in its "graph lens" approach to side-channel analysis. Every interaction with an SSD – whether it is loading a webpage, launching an application, or saving a document – leaves a temporal signature. Over time, these individual signatures can be aggregated to form a sophisticated behavioural graph.

In this graph:

  • Nodes: Represent distinct entities, such as specific websites, web applications, or desktop applications.
  • Edges: Represent temporal co-occurrence. An edge exists between two nodes if their respective SSD access patterns were observed within the same time window, suggesting they were active concurrently.
  • Edge Weights: The weight of an edge signifies the confidence or frequency of co-occurrence. Stronger weights indicate more frequent or prolonged simultaneous activity.

The FROST attack effectively reconstructs this behavioural graph from the outside. By continuously monitoring SSD contention, an attacker can build a picture of how a user interacts with different digital entities. This allows for powerful inferences about user habits, interests, and even identity.

Conceptual Behavioural Graph Example

Consider a simplified scenario where an attacker monitors SSD activity over a period. They might observe the following co-occurrence patterns:

| Node A (Website/App) | Node B (Website/App) | Observed Co-occurrence | Inferred Relationship |
|---|---|---|---|
| SocialMedia.com | NewsSite.org | High | User browses news while checking social media. |
| DevIDE.app | Docs.io | Very High | Developer frequently consults documentation while coding. |
| ShoppingSite.co.uk | PaymentGateway.com | Medium | User initiates purchases. |
| SocialMedia.com | VideoStream.net | Low | Occasional background video playback during social browsing. |
| WorkChat.app | Calendar.app | High | User manages schedule and communicates during work hours. |

From such observations, an attacker could infer a user's professional role (e.g., developer), personal interests (e.g., shopping habits), and daily routines. The graph becomes a rich source of metadata, far more revealing than isolated data points.
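
The node, edge and weight definitions above, worked through as an added example (not code from the FROST paper or from this site). It assumes the Jaccard index as one possible "frequency of co-occurrence" weight; the window list is constructed sample data and buildCooccurrenceGraph is a hypothetical name.

```javascript
// Added example. Each window lists the entity labels judged active in one
// observation interval. The data below is constructed for illustration.
const SAMPLE_WINDOWS = [
  ["DevIDE.app", "Docs.io"],
  ["DevIDE.app", "Docs.io", "WorkChat.app"],
  ["DevIDE.app", "Docs.io"],
  ["SocialMedia.com", "NewsSite.org"],
  ["SocialMedia.com", "VideoStream.net"],
  ["SocialMedia.com", "NewsSite.org"],
  ["DevIDE.app"],
  ["SocialMedia.com"],
];

function buildCooccurrenceGraph(windows) {
  const seen = new Map(); // node -> number of windows it appears in
  const pairs = new Map(); // "a\u0000b" -> { a, b, count }
  for (const w of windows) {
    const labels = [...new Set(w)].sort(); // de-duplicate, canonical order
    for (const a of labels) seen.set(a, (seen.get(a) || 0) + 1);
    for (let i = 0; i < labels.length; i++) {
      for (let j = i + 1; j < labels.length; j++) {
        const key = labels[i] + "\u0000" + labels[j];
        const e = pairs.get(key) || { a: labels[i], b: labels[j], count: 0 };
        e.count++;
        pairs.set(key, e);
      }
    }
  }
  // Edge weight (assumption): Jaccard index = windows containing both nodes
  // divided by windows containing either node.
  const edges = [...pairs.values()].map((e) => ({
    ...e,
    weight: e.count / (seen.get(e.a) + seen.get(e.b) - e.count),
  }));
  edges.sort((x, y) => y.weight - x.weight);
  return { nodes: [...seen.keys()].sort(), edges };
}

const graph = buildCooccurrenceGraph(SAMPLE_WINDOWS);
for (const e of graph.edges) {
  console.log(`${e.a} <-> ${e.b}: ${e.count} windows, weight ${e.weight.toFixed(2)}`);
}
```
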

Defences Against FROST

Addressing the FROST attack requires a multi-faceted approach, as it exploits fundamental aspects of hardware interaction and browser design:

  • Browser Sandboxing Limitations: While browsers employ robust sandboxing, FROST demonstrates that even seemingly innocuous APIs can expose low-level hardware timing. Future browser designs may need to further restrict timing channel precision or introduce noise into such measurements.
  • OPFS Timing Granularity Restrictions: Limiting the precision of timing information exposed by APIs like OPFS could mitigate the attack. However, this might negatively impact legitimate use cases that rely on high-performance I/O.
  • Compartmentalisation: Operating systems like Qubes OS, which strongly compartmentalise applications and their I/O, offer a more robust defence. By isolating browser instances and other applications into separate virtual machines, the shared hardware resource (SSD) contention would be significantly reduced or made unobservable across compartments.
  • Randomised I/O Scheduling: At the operating system level, introducing randomised delays or obfuscating I/O request ordering could make it harder for an attacker to correlate timing variations with specific activities.
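
To make the timing-precision mitigation concrete, here is an added simulation (not code from the paper or any browser) that estimates how often a single measurement still separates "contended" from "idle" as the clock granularity grows. All latency figures are constructed assumptions, and the function names are hypothetical.

```javascript
// Added illustration: pure simulation, no file or timer APIs are used.
// All latency figures are constructed; they are not measurements from the paper.
const IDLE_MS = 0.20;        // assumed mean write latency with no contention
const CONTENTION_MS = 0.06;  // assumed extra latency under SSD contention
const NOISE_MS = 0.02;       // assumed +/- uniform measurement noise
const THRESHOLD_MS = IDLE_MS + CONTENTION_MS / 2; // observer's decision boundary

// Small deterministic PRNG (mulberry32) so runs are repeatable.
function mulberry32(a) {
  return function () {
    let t = (a += 0x6D2B79F5);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Duration as seen through a clock that only ticks every `g` milliseconds.
function observedDuration(startMs, latencyMs, g) {
  return (Math.floor((startMs + latencyMs) / g) - Math.floor(startMs / g)) * g;
}

// Fraction of single measurements a threshold observer labels correctly.
function singleShotAccuracy(g, trials = 4000, seed = 1) {
  const rng = mulberry32(seed);
  let correct = 0;
  for (let i = 0; i < trials; i++) {
    const contended = i % 2 === 1;
    const latency = IDLE_MS + (contended ? CONTENTION_MS : 0)
      + (rng() * 2 - 1) * NOISE_MS;
    const seen = observedDuration(rng() * 1000, latency, g);
    if ((seen > THRESHOLD_MS) === contended) correct++;
  }
  return correct / trials;
}

// Sweep clock granularities from 5 microseconds to 1 millisecond.
function sweep(granularities = [0.005, 0.1, 1]) {
  return granularities.map((g) => ({ g, accuracy: singleShotAccuracy(g) }));
}

console.table(sweep());
```

This models one measurement per decision: a coarser clock lowers the information each sample carries, which is the trade-off against legitimate high-performance I/O noted in the list above.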

Broader Implications: A Trend Towards Reduced Privilege

FROST is not an isolated incident but rather the latest in a series of sophisticated browser-based side-channel attacks originating from Graz University of Technology. Previous notable attacks include:

  • SnailLoad: Exploited network latency differences to fingerprint user activity.
  • Secret Spilling Drive: Leveraged the native io_uring API to perform more direct SSD timing measurements, though this required higher privileges than FROST.

The trend is clear and concerning: each successive attack moves further into the browser's userland, requiring progressively fewer privileges. SnailLoad operated at the network level, Secret Spilling Drive needed a more privileged API, but FROST achieves its goals with standard JavaScript and the OPFS API, which is intended for general web use. This trajectory highlights a continuous erosion of the browser's security model, where the line between legitimate web functionality and privacy-invasive side-channels becomes increasingly blurred.

As knowledge graphs become central to understanding complex systems, the FROST attack demonstrates their potential for both defence and offence. By revealing how behavioural graphs can be inferred from seemingly innocuous side-channel data, it underscores the urgent need for more robust privacy protections in web browsers and operating systems alike. The battle for digital privacy is increasingly being fought at the micro-timing level, and a graph-theoretic understanding of these interactions will be crucial for both attackers and defenders in the years to come.