Source: Slashdot: Hardware
Researchers have discovered that websites can infer user behavior—what applications visitors are running, files they're accessing—by measuring the timing of storage device operations. The attack exploits a gap between browser security models and hardware-level data leakage: SSDs generate measurable electrical signatures when accessed, and JavaScript can detect microsecond-level timing variations that correlate with specific file operations, bypassing traditional browser isolation mechanisms. Browser encryption and sandboxing protect against direct data access, but the physical substrate of computing remains largely unmonitored for side-channel exploitation.