I still have trouble understanding what information can be leaked this way. Apparently it allows to check whether a particular website was visited recently, but the article is vague in this regard. Can anybody ELI55 this?
I still have trouble understanding what information can be leaked this way. Apparently it allows to check whether a particular website was visited recently, but the article is vague in this regard. Can anybody ELI55 this?
The Ars Technica submission might be better (I've not read TFA):
https://news.ycombinator.com/item?id=48309492
They basically trained a neural network on the data they got from the SSD - and recorded data with other websites open in different tabs or even different browsers.
They could then guess/detect other open sites.
I presume, if they'd trained/recorded - they might detect other software as well.
But right now, they demonstrated (on MacOS) that if you open the exploit in a browser - they can look at SSD activity and tell you have website x, y and z open.
Might let you target users of a certain bank, child porn, regular porn, shopping sites... Mostly imagination that sets the limit.