Published On 3/6/2026
|
Last update: 18:42 (Mecca time)
Researchers at the Graz University of Technology in Austria discovered a vulnerability that allows them to spy on the websites that users visit and the applications that they use using the solid-state drives (SSDs) in the user’s device, according to a report by the American technical website “Toms Hardware”.
This vulnerability relies primarily on a malicious website that is able to measure the response time of drives using custom JavaScript in a standard browser environment.
A Tom’s Hardware report stated that the accuracy of this technology is close to 89% when searching for websites that have been visited and 96% when tracking applications that have been run. This appeared during the research team’s testing of the vulnerability on MacBook computers.
The vulnerability does not require more than visiting the malicious website via any browser the user prefers, as research has proven that the vulnerability works efficiently with Chrome and Safari browsers alike.
The team calls this vulnerability “Frost.” This vulnerability tricks the storage system by creating a new, very large file inside the disk, and exploiting it as a secret entrance to access and read all stored data.
The report confirms that the research team contacted Apple and Google and informed them of the vulnerability in an attempt to find a software solution for it through over-the-air updates.
A separate report from the American technical website “Ars Technica” reveals that the research team’s tests were conducted on Mac computers only without attempting to test it on Windows systems, but it is expected that the vulnerability will work in the same way.
More than just tracking
Although the research team did not share all the clear uses of this vulnerability due to security concerns, according to the “Ars Technology” report, such a vulnerability carries a very high risk because it allows malicious sites to reach the user’s computers and storage units.
The danger in this loophole lies in the possibility of training artificial intelligence models on user data, the rate of their stay on pages and sites, and identifying the sites they visit and the applications they use.
The “Frost” vulnerability is one of the vulnerabilities that complement cyber attacks without being the cause of an independent cyber attack in itself, according to the “Ars Technology” report.
It should be noted that the research team was not trying to exploit the vulnerability badly, and its mere existence means that it can be developed to obtain greater powers than before.
The possibility of installing a large file on computers remotely constitutes a major cyber risk, as this file may contain malicious software that contributes to hacking the computer or stealing its data through another separate vulnerability.
The research team advises users to be careful when visiting suspicious websites and to close any page in any browser immediately after they finish using it, as this undermines the ability of the vulnerability to access user data.
