Any non-dummies out there willing to dummy this down for me?
If I’m picking up what was being put down, websites typically reserve a small amount of space on a hard drive for any given website to install scripts they need to function. This is done as a matter of course, and is largely the modern Internet working as intended (for better or worse). However, in this case, a compromised website could instruct my browser to reserve a gig or more of space to deploy or install this FROST script. This reports back to the attacker what programs are competing for resources on my computer, including my individual browser tabs and what sites those tabs contain. It can do this despite the location where browsers let websites install/run scripts being nominally sandboxed away from the rest of the drive. It does this by measuring the latency of certain I/O operations occurring on the drive, and feeding that information through some sort of neural network.
Assuming that is generally correct from a layman’s POV, how exactly is that latency information sufficient to determine what programs or websites I have open? Wouldn’t different models of SSD (or even different SSDs of the same type) have minor variations in performance which would make this impossible? Hell, how does the script even know that it is installed on an SSD and not an HDD?
Not saying it untrue, because obviously the folks that discovered this know a touch more about computers than me, but, if this explanation were trotted out in a thriller movie (“well, President Ryan, we know the location of the terrorists’ hideout because we were able to measure the latency of their hard drive, which revealed they were placing an Amazon order in the other tab”), I’d chalk it up to techno-babble nonsense.
I’d say your reading is pretty much correct. I don’t know how much SSD variance would really impact things, but the extent to which it does would have to do with however the neural network was trained. The more robustly that model is able to discern what is and is not running based on the SSD analyses, the more plausible and reliable this attack is. I think that’s where the bulk of the “techno-babble” aspect comes into play.
The reported attack is really messed up from a privacy perspective, but I also think it’s not EXTREMELY viable in reality, due to the mentioned constraints (in particular the large file size requirement). There are two aspects here: 1. a web browser can snoop SSD behavior (❗), 2. if you run that data through an appropriately trained model, perhaps the sky’s the limit (☹️).
The wackest part is that a web browser can analyze SSD behavior. That’s just messed up. The fact that nerds were then like “yo, let’s train an ML model on this to tell what the user is doing on their computer” is also nuts, of course, but obviously that threat is mitigated presuming nefarious actors aren’t given carte blanche access to one’s hard drive behavior in the first place. It also seems plausible that you could maybe break such a model by running a program specifically designed to disguise SSD usage, not to mention other isolation approaches already referenced in the article.
But so yeah, being able to snoop on SSD activity is insane. Training a model on that activity is where it gets more techno-babbley, but they also showed it can at least be done on an M2. There’s no reason to think it couldn’t similarly be done for other systems, OSes, applications, and configurations, but of course the wider they cast that net, the trickier it likely is to viably train the model(s).
It seems to me that Apple products would be the most susceptible to this, as there are a limited number of hardware variations as well as a walled garden for software.
The article mentions it technically being possible to do on a Linux machine, but I doubt it would be as easy to get conclusive data from it, when the SSD could be any size or brand and the software it could be running is nigh-limitless. I don’t doubt it could extract some data, I just don’t think it would have the level of granular detail they’re saying they got on the M2.
I’m wondering whether having separate partitions on a drive would be enough to defend against this, or whether you would need actually physically separate drives.
You wonder, where does it end?
It ends where you disable js
Luckely iets already disabled for me 😊 but still…
The fact that we need to disable stuff in order tot gain back a little privacy.
they will only stop at reading your thoughts in real time and even then.
neuralink implants, anyone?
Yay for not using ECMAScript or WebDRM in my browser. And using spinning HDDs.
