Websites have a new way to spy on visitors: analyzing their SSD activity
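Summary
A new technique called FROST (fingerprinting remotely using OPFS-based SSD timing) allows websites to monitor the other sites a visitor is browsing and the applications open on their device by measuring subtle interactions with the visitor's solid-state drive. The technique uses a side-channel attack, inferring confidential data by measuring physical manifestations such as the time required to complete a task. The research paper reveals this new means of privacy intrusion, further widening the range of ways websites can covertly track users.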
Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories and device fingerprints and to log keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all.
Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices.
A side channel based on contention
The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.