These days, it’s nearly impossible to traverse the web without leaving some trace of your activity. That’s thanks to a panopticon of cookies, keystroke loggers, fingerprinting, tracking pixels, and probably some other horrors that haven’t even come to light. Maybe that sounds paranoid, but it’s exactly what researchers in Austria uncovered in bombshell new cybersecurity research.According to the recently released paper, first spotted by Ars Technica, researchers have uncovered a type of no-interaction attack that websites can easily run to access data stored in your computer.It’s called FROST, which stands for “fingerprinting remotely using OPFS-based SSD timing.” It’s a mouthful for sure, but it basically allows malicious websites to spy on your computer activity, all without installing any software or tricking you into clicking sketchy email links.Per the researchers, it works by taking advantage of your computer’s solid state drive (SSD), the internal storage devices which have largely taken over from magnetic hard drives on the consumer market. Whenever you visit a site, your computer’s SSD starts buzzing with activity, allowing webpages to store temporary files for your browsing pleasure.FROST attacks take advantage of this by creating a massive file — we’re talking several gigabytes — which functionally blocks your computer from moving what it sees as temporary web data out of the SSD. While that mammoth file is being processed, however, the malicious website is able to probe the timing of incoming data from other sites, generating data which can then be analyzed through a machine learning model to predict what else you’re doing online.While “predict” suggests the attacker is guessing, the FROST method is scary good at identifying what a victim’s doing on their computer. Researchers write that by using this technique, their machine learning model was able to predict which sites a user would access with an accuracy rate of 88.95 percent, and could accurately predict accessed applications 95.83 percent of the time.Worse, the whole thing works regardless of what browser you use — because it works through your SSD, an attacker can theoretically track your web browsing on Firefox based on a website accessed via Google Chrome. Researchers only experimented with the technique on Mac and Linux devices, but caveated that Windows devices are not immune.“In principle, it would be possible to train a model on any system activity that reliably generates SSD accesses,” the study’s lead author, Hannes Weissteiner, told Ars.While FROST represents the kind of vulnerability that probably needs to be patched by web developers, Ars notes that you can mitigate the risks by closing website tabs as soon as you’re done with them. It isn’t much, but it could prevent you from becoming the next victim of a scary new kind of cyberattack.More on web development: New Website Detects Apocalypse If Billionaire Jets Start Fleeing en MasseThe post Websites Are Spying on Your Solid State Drive appeared first on Futurism.