Skip to content

Side-Channel Attack via SSD Access Times Enables User Fingerprinting

Bottom line: Side-channel attacks via SSD timing enable user fingerprinting through browser JavaScript alone, without classical malware.

Researchers have demonstrated with the side-channel attack “FROST” that web browsers can measure access times to Solid-State Drives and draw conclusions about user data from them. This opens up new attack scenarios without direct system access.

The attack method “FROST” exploits timing side-channels to derive sensitive information about user behavior. JavaScript in the browser measures access times to data stored on SSDs. These times depend on whether the requested information is in the cache or must first be loaded from the physical hardware – a subtle, but measurable difference.

The side-channel attack allows attackers to create a digital profile of users without the need for malware or exploits. Browser JavaScript can access these timing differences and, through repeated measurements, infer which files or processes are in the cache or have been recently executed. This can reveal information about installed software, opened files, or browsing history.

For CISOs, this is relevant because the attack is difficult to detect: it constitutes legitimate behavior from a system logs perspective, no anomalous network activity, and no classical malware indicators. The danger lies in the accumulation of smallest pieces of information into a usable profile. Under NIS2 requirements, organizations must consider such side-channels as a risk in their threat model and evaluate browser isolation and timing obfuscation.


Source: www.heise.de · Published 29 May 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.0.

Share on: