Researchers have discovered a technique that allows websites to monitor your hard drive activity using JavaScript in your browser. This was revealed on June 1, 2026, by security expert Dan Goodin. The method, known as FROST, exploits the characteristics of solid-state drives (SSDs).
The FROST technique measures the time it takes for an SSD to perform certain operations, allowing a website to infer what data is being accessed. This is possible because SSDs have distinct activity patterns that can be detected remotely. The discovery highlights a previously unknown vulnerability in modern storage technology.
The FROST technique works by using JavaScript to execute a series of operations that interact with the SSD. By analyzing the time it takes for these operations to complete, a website can determine whether the SSD is currently being accessed. This information can be used to track a user's browsing history or identify sensitive data.
The technique is particularly concerning because it does not require any additional permissions or malware to be installed on the user's device. It can be executed simply by visiting a malicious website.
The discovery of the FROST technique raises significant concerns about the security of user data. If exploited, this vulnerability could allow malicious actors to gain insight into a user's browsing habits or sensitive information. As the use of SSDs becomes increasingly widespread, the potential impact of this vulnerability grows.
The consequences of this discovery are far-reaching, and it is likely that browser developers and SSD manufacturers will need to work together to mitigate this threat.
What is the FROST technique? The FROST technique is a method that allows websites to monitor SSD activity using JavaScript. It exploits the distinct activity patterns of SSDs.
Can I protect myself from the FROST technique? Users can potentially protect themselves by using older storage technologies or by implementing specific security measures in their browsers.
How serious is this vulnerability? This vulnerability is considered serious, as it allows malicious actors to gain insight into a user's browsing habits or sensitive information without requiring additional permissions or malware.