This novel attack technique falls into the category of side-channel attacks, which exploit complex characteristics of a device's hardware to infer confidential information, for example by analyzing the electrical radiation emitted by a hard disk.
In this case, the researchers have developed a method to leak information from web browsers using only HTML and CSS code, which not only makes it cross-platform but also allows it to target even security-hardened browsers such as Tor Browser.
Increasingly complex cyberattacks
This method, dubbed CSS Prime+Probe, serves a web page whose code includes a variable that saturates the cache (for example, giving a DIV element a class name several million characters long) and then searches that text for a short substring that does not exist in it, which forces a scan of the full name.
The goal is to learn how long the system takes to complete this search. The attackers can measure it because, just before and just after the search, DNS resolution requests are made to fetch CSS elements hosted on an online server they own.
The academic creators of this attack tested the technique on computers that were attacked while accessing a large number of different websites in parallel, then used the collected data to train a deep neural network model that identifies a specific set of websites visited by a target.
In fact, the Google Chrome developer team has already stated in the past that, despite their own pioneering work on cache partitioning (reserving separate spaces for different websites), side-channel attacks cannot, for now, be completely blocked within browsers.
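A defender-side heuristic for the page structure described above, as an added example that is not code from the researchers or from the original article: it flags a document that combines an oversized class attribute, a substring selector whose needle is absent from it, and a CSS resource on a remote host. The `[class*=...]` selector form, the 100,000-character threshold and the sample pages are assumptions.

```python
import re
from html.parser import HTMLParser

MAX_CLASS_LEN = 100_000  # assumed threshold; ordinary class attributes are far shorter
# Assumed form of the "search": a CSS substring attribute selector such as [class*="abc"]
SUBSTR_SEL = re.compile(r'\[\s*class\s*\*=\s*["\']?([^"\'\]]+)["\']?\s*\]', re.I)
REMOTE_URL = re.compile(r'url\(\s*["\']?(?:https?:)?//([^/"\')\s]+)', re.I)

class Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.big = []        # (tag, value) for oversized class attributes
        self.css = []        # text found inside <style> elements
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style" or self.in_style
        for name, value in attrs:
            if name == "class" and value and len(value) >= MAX_CLASS_LEN:
                self.big.append((tag, value))

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:
            self.css.append(data)

def scan(html):
    """Flag the three ingredients described above when they occur together."""
    c = Collector()
    c.feed(html)
    c.close()
    css = "".join(c.css)
    # A needle missing from the oversized value forces a scan of the whole string.
    needles = [n for n in SUBSTR_SEL.findall(css)
               if any(n not in value for _, value in c.big)]
    hosts = sorted(set(REMOTE_URL.findall(css)))
    return {"oversized": [(t, len(v)) for t, v in c.big],
            "full_scan_needles": needles,
            "remote_hosts": hosts,
            "suspicious": bool(c.big and needles and hosts)}

# Constructed sample pages (not taken from the research or from the article).
SAMPLE_BAD = ('<style>div[class*="zzq"] { background: url(//probe.example.invalid/a.png); }'
              '</style><div class="' + "A" * 200_000 + '"></div>')
SAMPLE_OK = '<style>a[class*="btn"] { color: red; }</style><a class="btn primary">x</a>'

if __name__ == "__main__":
    print(scan(SAMPLE_BAD))
    print(scan(SAMPLE_OK))
```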
Via | The Hacker News