I’d say your reading is pretty much correct. I don’t know how much SSD variance would really impact things, but the extent to which it does would depend on how the neural network was trained. The more robustly that model can discern what is and isn’t running based on the SSD analysis, the more plausible and reliable this attack is. I think that’s where the bulk of the “techno-babble” aspect comes into play.
The reported attack is really messed up from a privacy perspective, but I also think it’s not EXTREMELY viable in reality, given the constraints mentioned (in particular the large file size requirement). There are two aspects here: (1) a web browser can snoop on SSD behavior (❗), and (2) if you run that data through an appropriately trained model, perhaps the sky’s the limit (☹️).
The wackest part is that a web browser can analyze SSD behavior. That’s just messed up. The fact that nerds were then like “yo, let’s train an ML model on this to tell what the user is doing on their computer” is also nuts, of course, but obviously that threat is mitigated as long as nefarious actors aren’t given carte blanche access to one’s SSD behavior in the first place. It also seems plausible that you could break such a model by running a program specifically designed to disguise SSD usage, not to mention the other isolation approaches already referenced in the article.
But yeah, being able to snoop on SSD activity is insane. Training a model on that activity is where it gets more techno-babbley, but they also showed it can at least be done on an M2. There’s no reason to think it couldn’t similarly be done for other systems, OSes, applications, and configurations, but of course the wider they cast that net, the trickier it likely gets to viably train the model(s).