Hannes WeissteinerAnnouncing my latest first-author paper, accepted to #DIMVA2026:
❄️ FROST: Fingerprinting Remotely using OPFS-based SSD Timing.
While SSD contention-based side channels have been demonstrated from native code before, we bring them to the browser.
We use the Origin-Private File System (OPFS), which allows any website to use up to 10GB (Firefox), or 60% of total disk space (other browsers), from JavaScript, without any user interaction or special permissions.
We use a file larger than system RAM to measure SSD latencies, bypassing the page cache to guarantee disk access.
From the resulting traces, we can infer website visits (even across browsers!) and application startups.
While we did most of our evaluations on macOS, the underlying mechanisms are platform-agnostic.
This is a feature, not a bug!
Read the paper here: https://hannesweissteiner.com/publications/frost/
Thanks to Tobias Weiser, @wayna, @vmcall, Fabian Rauscher, Jonas Juffinger and @lavados for the collaboration!
DIMVA Conference