Authored by a team of American, Australian, and Israeli academics, the research paper analyzed the state of side-channel attacks that can be carried out against browsers.
A side-channel attack is a technique that can be used to acquire small bits of information leaked by a computer or app, which can later be used to infer broader pieces of information.
Side-channel attacks are usually developed against complicated pieces of technologies, such as CPUs and cryptographic systems, and are employed to leak sensitive data such as encryption keys.
For the vast majority of time, most side-channel attacks were considered too complex to be executed via web-based technologies, and most attacks relied on a threat actor planting malware on a system that ran native code.
This changed with the public disclosure of the Meltdown and Spectre vulnerabilities, two side-channel attacks disclosed in January 2018 that impacted most processors available on the market at the time, allowing threat actors to leak data being processed inside affected CPUs.
New side-channel attack developed for no-JS environments
Furthermore, their side-channel attacks were also found to work (albeit with reduced accuracy) on privacy-first browsers that have been specifically hardened against Spectre-like attacks, such as the Tor Browser, Chrome running the Chrome Zero extension, and Firefox running the DeterFox add-on.
These no-JS leaks, albeit of lower accuracy than other JS-based attacks, were enough to allow threat actors to identify and track users, such as determining what websites a user had visited in the past, researchers said.
The academic team said they tested their attacks not only against browsers running on top of Intel CPUs, which were most often shown in the past to be vulnerable to side-channel attacks, but also browsers running on CPU platforms such as Samsung Exynos, AMD Ryzen, and even Apple’s new M1 chip — marking the first knwon time a side-channel attack was found to work against Apple’s new CPU architecture.
Researchers said they notified Intel, AMD, Apple, Chrome, and Mozilla of their findings prior to their paper’s publication but did not share the answers they received to their disclosure efforts.
Nonetheless, the Google Chrome team has stated in the past that despite their pioneering work on the Site Isolation feature, side-channel attacks cannot be fully blocked inside browsers for the time being.