this post was submitted on 28 May 2026
155 points (98.1% liked)

Technology

84965 readers
3822 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
155
Researchers say they can spy on your browsing by measuring SSD activity through a browser API (www.tomshardware.com)
submitted 4 hours ago by throws_lemy@reddthat.com to c/technology@lemmy.world
42 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] partial_accumen@lemmy.world 4 points 57 minutes ago* (last edited 55 minutes ago)

The actual paper (PDF) this is based on gives much better information than the article. From that we get some really key information:

To allow FROST to measure SSD contention, the victim must perform activities that result in storage accesses to the same disk as the file used for contention measurement

This can't ready your SSD. It can only listen in on the conversation between your CPU and SSD when something else reads it or writes to it. The whole FROST approach has a number of clever tricks to generate reads from open applications though. Further, it requires the attacker's code to be running in an active browser session.

Also, If you have two SSDs, and your browser is on one, this FROST approach can't see anything written to or read from on the other SSD.

Lastly, there's a mention in the paper about hardware based SSD encryption being vulnerable, there's no mention of Software Whole Disk Encryption. Given how the researchers are using the SSD timing exploit, I would guess that a software (not hardware) whole disk encryption might be immune to this attack because the patterns of timings would be different with encrypted data being written to the SSD (instead of the data being encrypted by the SSD when written.