With the #FROST technique, websites can use #JavaScript to analyze visitors' #SSD activity and thereby detect open tabs or apps.

It is based on a so-called #SideChannel that measures timing differences in storage accesses in the #Browser. The Origin Private File System is used for this.

The method is considered complex, but it reveals new risks for data protection (#Datenschutz). Browser vendors are examining countermeasures.

https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/

#ITSecurity #Tracking #Cybersicherheit

Websites have a new way to spy on visitors: Analyzing their SSD activity

Telltale SSD activity can be measured in the browser using simple JavaScript.

Ars Technica

Websites have a new way to #spy on visitors: #analyzing their #SSD activity

source: arstechnica.com/security/2026/…

The #attack that #FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a #visitor is using, the researchers were able to determine the #websites open in other tabs—even on other browsers—and the apps that were open on the visitor’s device. FROST requires no interaction from the visitor other than opening the site hosting the attack.

#news #web #www #browser #hardware #software #sidechannel #tracking #surveillance #privacy #internet #online #security #problem #computer #surfing #hack #hacker #software #cybersecurity

Researchers show that it is possible to infer a web visitor's activity by analyzing the access patterns to their SSD, via request timing. No malicious JS, no cookie: just hardware side effects visible from the browser. The most discreet covert channel is often the one nobody thought to monitor. #infosec #sidechannel #privacy
https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/

We replicated the Scatter+Moran attack (ASHES@CCS 2021) and looked for ways to push it further with #AI, on a public masked+shuffled AES-128 dataset, in one afternoon.

✔ Replication in 1h ✔ 33% fewer traces ✔ MIA: 50k to 20k ✔ Full Rust in 2.5s

🔗 https://www.eshard.com/blog/revisiting-masked-aes-side-channel-attack-half-day-ai

#sidechannel #hardware #hardwarehacking #cybersecurity #ai #airesearch

Air gaps don't stop sound.

USAT (Ultrasonic Sub-Audible Trojan) — acoustic covert channel operating at 17–22kHz, inaudible, cross-device, no physical access required.

Full research: researchgate.net/publication/404012350

#infosec #redteam #airgap #sidechannel #acoustics #research

Next in the session was Moghimi et al.'s "DROIDCCT: Cryptographic Compliance Test via Trillion-Scale Measurement" revealing cryptographic flaws at massive Android scale. (https://www.acsac.org/2025/program/final/s267.html) 4/6
#AndroidSecurity #SideChannel

Modern Tale of Blinkenlights

Shows how hardware LED patterns can leak sensitive data, enabling side-channel attacks through optical emissions.

https://blog.quarkslab.com/modern-tale-blinkenlights.html

#SideChannel #Hardware

A modern tale of blinkenlights - Quarkslab's blog

This blog post demonstrates how a modern variant of a hardware attack found in the 2000s allowed the extraction of a €12 smartwatch's firmware using only cheap and robust hardware. Damien and Thomas (introduced later in this post) gave a talk on this subject at this year's leHACK edition in Paris.

Watch this video, https://www.youtube.com/watch?v=_6BcuHpp9eU and vote this person as president. #sydbox denies sysvipc(7) API by default, thank me later: https://man.exherbo.org/syd.7.html#Shared_Memory_Hardening #exherbo #linux #security #sidechannel

#NullconBerlin2025 | Derandomizing Kernel Object Locations w Software Hardware-Induced Side Channels

YouTube

No matter how strongly I secure my account, #MFA, #biometrie, #faceid, sometimes all it takes is a single invoice number to gain access.

https://www.gamepro.de/artikel/psn-account-kann-gehackt-werden-mit-rechnung,3445381.html

A good comparison example for explaining a #sidechannel attack on software, I think.

Huge PSN security flaw discovered: make just one mistake and your PlayStation account can be hacked, despite two-factor authentication

Measures like 2FA or passkeys are actually supposed to protect your PSN account from unauthorized access. Instead, a simple invoice is enough to hack it...

GamePro