Websites have a new way to spy on visitors: analyzing their SSD activity

Over the decades, there has been no shortage of sites using clever techniques to covertly track visitors’ browsing histories, fingerprint their devices, and log keystrokes and mouse movements in real time. Even Meta and Yandex were recently caught joining in the privacy-invasive free-for-all. Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices.

A side channel based on contention

The technique, laid out in a research paper, exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data. The attack that FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a visitor is using, the researchers were able to determine the websites open in other tabs—even on other browsers—and the apps that were open on the visitor’s device.

FROST requires no interaction from the visitor other than opening the site hosting the attack. “Web browsers have evolved from simple document viewers into complex platforms capable of running sophisticated applications,” the paper authors wrote. “Companies like Google, Microsoft, and Adobe have developed full-fledged office suites, photo- and video editors, or even integrated development environments (IDEs) that run entirely within the browser.” The authors went on to note: “While these features enhance the capabilities of web applications and allow completely novel use cases, they also increase the browser’s attack surface, and some have already been shown to introduce new vulnerabilities.”

Unlike previous contention side-channel attacks on SSDs, FROST runs exclusively in the browser. It uses JavaScript that interacts with the OPFS (origin private file system), an allocated storage space that’s reserved for a specific site to run code needed to complete a given task. Websites can create one with no interaction required by the visitor. While each file system is sandboxed, meaning it’s isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network—a system that uses deep learning to analyze text, audio, and images—the attacker can deduce various apps and websites open on the device.

“The attacker continuously measures SSD contention by performing random reads from a large OPFS file,” the researchers explained. “SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model.”

The technique has its limitations. First, the OPFS file must be extremely large—likely a gigabyte or more. That requirement means that attacks at scale would inevitably be detected by many users. Additionally, the OPFS file must be stored on the same SSD the visitor is using. This isn’t usually a problem for tracking open websites, since the OPFS file is stored in the browser’s default location. If a device keeps its apps on a separate SSD, however, those apps couldn’t be detected by FROST.

One of the best ways to prevent FROST attacks is to close tabs as soon as they’re no longer needed. More savvy users can monitor the creation and size of OPFS files allocated by unknown websites. The researchers proposed ways for browser makers to shut down the side channel; one is to cap the maximum size of such files. There are no indications FROST attacks have been performed in the wild.
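A defender-side check in the spirit of the advice above (watch the size of files unknown sites allocate), added here as an example that is not from the article or the FROST paper: a POSIX shell function that lists files above a size threshold under a browser profile directory, since a FROST-style OPFS file has to be in the gigabyte range. The profile paths in the stand-alone `--scan` section are assumptions for Chrome and Firefox on Linux and macOS; check them against your own installation.

```shell
#!/bin/sh
# Added example (not from the article or the FROST paper): flag unusually large
# files inside a browser profile. FROST needs an OPFS file of roughly a gigabyte
# or more, so a file of several hundred megabytes in per-site storage that you
# cannot attribute to a site you knowingly use deserves a second look.
#
# Assumption: Chrome-family browsers keep sandboxed file systems under
# "<profile>/File System", Firefox under "<profile>/storage/default/<origin>".
# Scanning the whole profile avoids depending on that layout.

# Usage: find_large_storage_files DIR [THRESHOLD_MB]
# Prints "<size_mb> <path>" for every regular file under DIR larger than
# THRESHOLD_MB (default 256), largest first. Returns 0 if any were found,
# 1 otherwise, so it can be used as a condition.
find_large_storage_files() {
    dir=$1
    threshold_mb=${2:-256}
    threshold_bytes=$((threshold_mb * 1024 * 1024))
    # "-size +Nc" compares in bytes, which POSIX find supports (GNU-only suffixes
    # such as M are avoided). wc -c reports the apparent size, so a sparse
    # file that a site pre-allocated is still reported at its full size.
    out=$(find "$dir" -type f -size +"${threshold_bytes}"c 2>/dev/null |
        while IFS= read -r f; do
            bytes=$(wc -c < "$f")
            printf '%d %s\n' "$((bytes / 1024 / 1024))" "$f"
        done | sort -rn)
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Stand-alone use: ./frost_check.sh --scan
# Profile locations below are assumptions for Chrome/Firefox on Linux and macOS.
if [ "${1:-}" = "--scan" ]; then
    for d in "$HOME/Library/Application Support/Google/Chrome/Default" \
             "$HOME/.config/google-chrome/Default" \
             "$HOME/Library/Application Support/Firefox/Profiles" \
             "$HOME/.mozilla/firefox"; do
        [ -d "$d" ] && {
            echo "== $d"
            find_large_storage_files "$d" 256 || echo "no files above 256 MB"
        }
    done
fi
```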

The researchers performed the full FROST attack on an M2 Mac. On Linux, they showed that the underlying primitive (measuring SSD access latency traces from JavaScript) works, but didn’t run the full attack. “However, since the performance of the primitive is similar between macOS and Linux, we expect similar performance for the full classification,” Hannes Weissteiner, one of the co-authors, wrote in an email. “In principle, it would be possible to train a model on any system activity that reliably generates SSD accesses.” The researchers did not test Windows. The paper linked above provides many more technical details. The research is scheduled to be presented at the DIMVA conference in July.
