Re: [Qemu-devel] QEMU soundcards vulnerable to jack retasking?

[Dr. David Alan Gilbert]

* address@hidden (address@hidden) wrote:
> Recent security research shows that soundcards support surreptitiously
> switching line-out jacks into line-in by modifying the software stack. The
> way modern speakers and headphones are designed makes them readily usable as
> microphones. The Intel High Definition (HD) Audio standards which all modern
> consumer soundcards are based mandates this stupidity.
> 
> https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
> 
> Does anyone know if QEMU's emulated sound devices follow this standard? If
> yes then a malicious guest that can modify the virt sound hardware can turn
> PC speakers into surveillance devices even if the microphone is disabled on
> the host. The only solution is completely denying untrusted VMs access to a
> virtual sound device.

I think it's reasonably isolated; the emulated audio controller ends up using
normal pulseaudio/alsa etc to talk to your host's audio system - so I don't
think it should be able to screw around with low level settings of the codecs.

Dave

> 
> 
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK