• Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Login
Join Free
Home
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Coming Soon
Job Board
Events
Contact Awards
USMC Deception Manual
Login
Join Free
Home Global Operations

FROST Attack Lets Websites Silently Identify Open Apps and Browsing via SSD Timing

  • SOFX Staff Writer
  • June 1, 2026
(Stenko Vlad / Shutterstock)
Share on FacebookShare on TwitterLinkedIn

Researchers at Graz University of Technology this week detailed a browser-based attack that identifies which websites and applications a visitor has opened by measuring solid-state drive (SSD) activity, requiring no permissions, software installation, or user interaction.

The technique, named FROST, short for Fingerprinting Remotely using OPFS-based SSD Timing, exploits the Origin Private File System (OPFS) API, a storage interface built into Chrome, Firefox, and Safari.

FROST deposits a large OPFS file on the target’s SSD, sized to exceed available RAM, forcing reads past the operating system’s page cache to the physical drive. Competing I/O activity from other open applications creates measurable latency spikes that a convolutional neural network (CNN) classifies to identify active sites and applications.

The researchers reported 88.95% accuracy for website identification and 95.83% for running applications. The attack functions across browsers, producing a minimal performance difference when the attacker and victim use different browsers.

Researchers unveil the FROST SSD fingerprinting attack. Learn how malicious JavaScript reads OPFS storage latency to track open tabs and background apps.#FROST #CyberSecurity #HardwareSecurity #PrivacyAlert #Infosec2026 #BrowserFingerprintinghttps://t.co/okMHTDEPvy pic.twitter.com/nNmMIzhDVH

— Gray Hats (@the_yellow_fall) May 29, 2026


The capability carries direct implications for defense and intelligence personnel.

A state-sponsored or compromised website could silently determine whether a visitor is running encrypted communications applications, virtual private network (VPN) clients, or other operational security tools, undetected.

Chrome and Safari allow a website to claim up to 60% of disk space through OPFS, exceeding 150GB on a standard 256GB drive. Researchers proposed capping file sizes within available RAM or requiring user consent. Google does not classify fingerprinting as a security vulnerability, making near-term fixes unlikely.

“In principle, it would be possible to train a model on any system activity that reliably generates SSD accesses,” lead author Hannes Weissteiner wrote in an email to Ars Technica.

There are no confirmed reports of FROST being used in active operations, and full attack verification has been completed only on macOS.

The research is scheduled for presentation at the DIMVA conference in July 2026.

SOFX Staff Writer

SOFX Staff Writer

The Editor Staff at SOFX comprises a diverse, global team of dedicated staff writers and skilled freelancers. Together, they form the backbone of our reporting and content creation.

Subscribe
Login
Notify of
guest
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ADVERTISEMENT

Trending News

Army’s $469M Texas Munitions Plant Fails to Deliver a Single Shell Component

Army’s $469M Texas Munitions Plant Fails to Deliver a Single Shell Component

by SOFX Staff Writer
July 15, 2026
1

A contractor-operated plant in Mesquite, Texas, built to produce 30,000 155mm projectile components per month, has not delivered a single...

Pentagon Releases Fourth UAP Tranche, Including Space Shuttle Columbia Photographs

Pentagon Releases Fourth UAP Tranche, Including Space Shuttle Columbia Photographs

by SOFX Staff Writer
July 10, 2026
0

The Department of War released 40 previously classified files related to unidentified anomalous phenomena on Friday, adding photographs from a...

Viral Video Shows a Russian Gunner Flung From a Runaway Machine Gun

Viral Video Shows a Russian Gunner Flung From a Runaway Machine Gun

by SOFX Staff Writer
July 15, 2026
1

A viral video shows a Russian soldier thrown from a YakB-12.7 rotary machine gun during a training exercise after the...

Hegseth Orders Testosterone Screening for U.S. Troops

Hegseth Orders Testosterone Screening for U.S. Troops

by SOFX Staff Writer
July 16, 2026
4

War Secretary Pete Hegseth announced Wednesday that the U.S. military will begin annually screening service members aged 30 and older...

ADVERTISEMENT
ADVERTISEMENT
Next Post
Vivos xPoint Residents File $17 Million Suit as Lease Disputes Reach State Supreme Court

Vivos xPoint Residents File $17 Million Suit as Lease Disputes Reach State Supreme Court

AUKUS Signs Undersea Drone Deal With Interchangeable Payloads, Deliveries in 2027

AUKUS Signs Undersea Drone Deal With Interchangeable Payloads, Deliveries in 2027

997 Morrison Dr. Suite 200, Charleston, SC 29403

News

  • Global Operations
  • Special Interest
  • Industry
  • Global Operations
  • Special Interest
  • Industry

Resources

  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
No Result
View All Result
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.

Log in to your account

Lost your password?
wpDiscuz