[libvirt] QEMU soundcards vulnerable to jack retasking?
bancfc at openmailbox.org
bancfc at openmailbox.org
Thu Nov 24 17:06:29 UTC 2016
Recent security research shows that soundcards support surreptitiously
switching line-out jacks into line-in by modifying the software stack.
The way modern speakers and headphones are designed makes them readily
usable as microphones. The Intel High Definition (HD) Audio standards
which all modern consumer soundcards are based mandates this stupidity.
https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
Does anyone know if QEMU's emulated sound devices follow this standard?
If yes then a malicious guest that can modify the virt sound hardware
can turn PC speakers into surveillance devices even if the microphone is
disabled on the host. The only solution is completely denying untrusted
VMs access to a virtual sound device.
/CC'd the respective researchers for input on this too.
More information about the libvir-list
mailing list