[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] QEMU soundcards vulnerable to jack retasking?
From: |
Dr. David Alan Gilbert |
Subject: |
Re: [Qemu-devel] QEMU soundcards vulnerable to jack retasking? |
Date: |
Mon, 28 Nov 2016 10:19:16 +0000 |
User-agent: |
Mutt/1.7.1 (2016-10-04) |
* address@hidden (address@hidden) wrote:
> Recent security research shows that soundcards support surreptitiously
> switching line-out jacks into line-in by modifying the software stack. The
> way modern speakers and headphones are designed makes them readily usable as
> microphones. The Intel High Definition (HD) Audio standards which all modern
> consumer soundcards are based mandates this stupidity.
>
> https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
>
> Does anyone know if QEMU's emulated sound devices follow this standard? If
> yes then a malicious guest that can modify the virt sound hardware can turn
> PC speakers into surveillance devices even if the microphone is disabled on
> the host. The only solution is completely denying untrusted VMs access to a
> virtual sound device.
I think it's reasonably isolated; the emulated audio controller ends up using
normal pulseaudio/alsa etc to talk to your host's audio system - so I don't
think it should be able to screw around with low level settings of the codecs.
Dave
>
>
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK