I’d say your reading is pretty much correct. I don’t know how much SSD variance would really impact things, but the extent to which it does would have to do with however the neural network was trained. The more robustly that model is able to discern what is and is not running based on the SSD analyses, the more plausible and reliable this attack is. I think that’s where the bulk of the “techno-babble” aspect comes into play.
The reported attack is really messed up from a privacy perspective, but I also think it’s not EXTREMELY viable in reality, due to the mentioned constraints (in particular the large file size requirement). There are two aspects here: 1. a web browser can snoop SSD behavior (❗), 2. if you run that data through an appropriately trained model, perhaps the sky’s the limit (☹️).
The wackest part is that a web browser can analyze SSD behavior. That’s just messed up. The fact that nerds were then like “yo, let’s train an ML model on this to tell what the user is doing on their computer” is also nuts, of course, but obviously that threat is mitigated presuming nefarious actors aren’t given carte blanche access to one’s hard drive behavior in the first place. It also seems plausible that you could maybe break such a model by running a program specifically designed to disguise SSD usage, not to mention other isolation approaches already referenced in the article.
But so yeah, being able to snoop on SSD activity is insane. Training a model on that activity is where it gets more techno-babbley, but they also showed it can at least be done on an M2. There’s no reason to think it couldn’t similarly be done for other systems, OSes, applications, and configurations, but of course the wider they cast that net, the trickier it likely is to viably train the model(s).
It seems to me that Apple products would be the most susceptible to this, as there are a limited number of hardware variations as well as a walled garden for software.
The article mentions it technically being possible to do on a Linux machine, but I doubt it would be as easy to get conclusive data from it, when the SSD could be any size or brand and the software it could be running is nigh-limitless. I don’t doubt it could extract some data, I just don’t think it would have the level of granular detail they’re saying they got on the M2.
I’m wondering whether having separate partitions on a drive would be enough to defend against this, or whether you would need actually physically separate drives.
I’d say your reading is pretty much correct. I don’t know how much SSD variance would really impact things, but the extent to which it does would have to do with however the neural network was trained. The more robustly that model is able to discern what is and is not running based on the SSD analyses, the more plausible and reliable this attack is. I think that’s where the bulk of the “techno-babble” aspect comes into play.
The reported attack is really messed up from a privacy perspective, but I also think it’s not EXTREMELY viable in reality, due to the mentioned constraints (in particular the large file size requirement). There are two aspects here: 1. a web browser can snoop SSD behavior (❗), 2. if you run that data through an appropriately trained model, perhaps the sky’s the limit (☹️).
The wackest part is that a web browser can analyze SSD behavior. That’s just messed up. The fact that nerds were then like “yo, let’s train an ML model on this to tell what the user is doing on their computer” is also nuts, of course, but obviously that threat is mitigated presuming nefarious actors aren’t given carte blanche access to one’s hard drive behavior in the first place. It also seems plausible that you could maybe break such a model by running a program specifically designed to disguise SSD usage, not to mention other isolation approaches already referenced in the article.
But so yeah, being able to snoop on SSD activity is insane. Training a model on that activity is where it gets more techno-babbley, but they also showed it can at least be done on an M2. There’s no reason to think it couldn’t similarly be done for other systems, OSes, applications, and configurations, but of course the wider they cast that net, the trickier it likely is to viably train the model(s).
It seems to me that Apple products would be the most susceptible to this, as there are a limited number of hardware variations as well as a walled garden for software.
The article mentions it technically being possible to do on a Linux machine, but I doubt it would be as easy to get conclusive data from it, when the SSD could be any size or brand and the software it could be running is nigh-limitless. I don’t doubt it could extract some data, I just don’t think it would have the level of granular detail they’re saying they got on the M2.
I’m wondering whether having separate partitions on a drive would be enough to defend against this, or whether you would need actually physically separate drives.