Security researchers have discovered a concerning new side-channel attack that bypasses traditional security protections to monitor user behavior without detection. Dubbed FROST, this sophisticated technique allows malicious websites to determine which other sites users visit and applications they open simply by analyzing the timing patterns of their solid-state drives (SSDs). The attack represents a significant advancement in browser-based exploitation techniques, enabling surveillance without requiring any special permissions, browser extensions, or native code execution.

The FROST attack, developed by researchers at Graz University of Technology, operates entirely within JavaScript code that runs silently when a user visits a compromised webpage. Once loaded, the script remains active in the background, monitoring access patterns to the SSD. By carefully analyzing timing variations in drive operations, the attack can infer when the user opens specific applications or visits particular websites that create detectable drive activity patterns. This means that a seemingly harmless webpage could be collecting detailed information about a user's digital behavior without their knowledge or consent.

Anyone browsing the internet with an SSD-equipped